CVE-2024-45311

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations:

  1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack.
  2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn't exhaust connection IDs is received. This issue can go undetected if clients are well-behaved.

The former situation was observed in a real application, while the latter is only theoretical.

Configurations

Configuration 1

cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*

History

25 Sep 2024, 17:03

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Quinn Project quinn; Quinn Project |
| References | () https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213 - | () https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213 - Issue Tracking |
| References | () https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f - | () https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f - Patch |
| References | () https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8 - | () https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8 - Vendor Advisory |
| CPE | | cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:* |

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a possible panic in the following situations: 1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and does not exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical.

02 Sep 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 18:15

Updated : 2024-09-25 17:03


NVD link : CVE-2024-45311

Mitre link : CVE-2024-45311

CVE.ORG link : CVE-2024-45311



Products Affected

quinn_project

  • quinn
CWE
CWE-670

Always-Incorrect Control Flow Implementation