GHSA-hxq4-mx37-fqvg

Source
https://github.com/advisories/GHSA-hxq4-mx37-fqvg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-hxq4-mx37-fqvg/GHSA-hxq4-mx37-fqvg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hxq4-mx37-fqvg
Published
2023-06-30T22:11:42Z
Modified
2023-06-30T22:11:42Z
Summary
s2n-quic potential denial of service vulnerability when receiving empty UDP packets
Details

Impact

An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection.

No AWS services are affected by this issue and customers of AWS services do not need to take action. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic.

Impacted version: s2n-quic v1.22.0.

Patches

The patch is included in s2n-quic v1.23.0.

If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-06-30T22:11:42Z"
}
Affected packages

crates.io / s2n-quic

Affected ranges

Type
SEMVER
Events
Introduced
1.22.0
Fixed
1.23.0

Affected versions

1.*

1.22.0