GHSA-ppxx-5m9h-6vxf

Source

https://github.com/advisories/GHSA-ppxx-5m9h-6vxf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-ppxx-5m9h-6vxf/GHSA-ppxx-5m9h-6vxf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-ppxx-5m9h-6vxf

Aliases

Related

Published

2024-01-10T15:08:40Z

Modified

2024-05-20T21:59:16Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVSS Calculator

Summary

quic-go's path validation mechanism can be exploited to cause denial of service

Details

An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATHRESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate.

I published a more detailed description of the attack and its mitigation in this blog post: https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation/

There's no way to mitigate this attack, please update quic-go to a version that contains the fix.

Database specific

{
    "nvd_published_at": "2024-01-10T22:15:50Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-10T15:08:40Z"
}

References