Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c.
References
Link | Resource |
---|---|
https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c | Patch |
https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p | Vendor Advisory |
Configurations
History
12 Nov 2024, 20:05
Type | Values Removed | Values Added |
---|---|---|
First Time |
Dena
Dena quicly |
|
CPE | cpe:2.3:a:dena:quicly:*:*:*:*:*:*:*:* | |
References | () https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c - Patch | |
References | () https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p - Vendor Advisory |
15 Oct 2024, 12:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Oct 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-11 15:15
Updated : 2024-11-12 20:05
NVD link : CVE-2024-45396
Mitre link : CVE-2024-45396
CVE.ORG link : CVE-2024-45396
JSON object : View
Products Affected
dena
- quicly
CWE
CWE-617
Reachable Assertion