GHSA-fr44-546p-7xcp

Source
https://github.com/advisories/GHSA-fr44-546p-7xcp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-fr44-546p-7xcp/GHSA-fr44-546p-7xcp.json
Aliases
Published
2023-10-10T22:23:28Z
Modified
2023-12-06T01:03:06.128910Z
Details

Impact

The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.

Patches

The following patch was made:

  • Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb

Workarounds

Beyond upgrading to the patched versions, there is no other workaround.

References

Affected packages

NuGet / Microsoft.Native.Quic.MsQuic.OpenSSL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.2.3

Affected versions

1.*

1.8.0

NuGet / Microsoft.Native.Quic.MsQuic.Schannel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.2.3

Affected versions

1.*

1.8.0