GHSA-475v-pq2g-fp9g

Source
https://github.com/advisories/GHSA-475v-pq2g-fp9g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-475v-pq2g-fp9g/GHSA-475v-pq2g-fp9g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-475v-pq2g-fp9g
Published
2023-11-08T15:03:09Z
Modified
2023-11-08T15:03:09Z
Summary
s2n-quic potential denial of service via crafted stream frames
Details

Impact

An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits.

Impacted versions: <= v1.30.0.

Patches

The patch is included in v1.31.0 [1].

Workarounds

There is no workaround. Applications using s2n-quic should upgrade to the most recent release of s2n-quic.

If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page [2] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

[1] https://github.com/aws/s2n-quic/releases/tag/v1.31.0
[2] https://aws.amazon.com/security/vulnerability-reporting

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-08T15:03:09Z"
}
References

Affected packages

crates.io / s2n-quic

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.31.0

Database specific

{
    "last_known_affected_version_range": "<= 1.30.0"
}