GHSA-475v-pq2g-fp9g

Source

https://github.com/advisories/GHSA-475v-pq2g-fp9g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-475v-pq2g-fp9g/GHSA-475v-pq2g-fp9g.json

Published

2023-11-08T15:03:09Z

Modified

2023-11-08T15:03:09Z

Details

Impact

An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits.

Impacted versions: <= v1.30.0.

Patches

The patch is included in v1.31.0 [1].

Workarounds

There is no workaround. Applications using s2n-quic should upgrade to the most recent release of s2n-quic.

If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page [2] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

[1] https://github.com/aws/s2n-quic/releases/tag/v1.31.0 [2] https://aws.amazon.com/security/vulnerability-reporting

References

Affected packages

crates.io / s2n-quic

Package

Name: s2n-quic

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.31.0

Database specific

{
    "last_known_affected_version_range": "<= 1.30.0"
}