GHSA-rfhg-rjfp-9q8q

Suggest an improvement
Source
https://github.com/advisories/GHSA-rfhg-rjfp-9q8q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-rfhg-rjfp-9q8q/GHSA-rfhg-rjfp-9q8q.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rfhg-rjfp-9q8q
Published
2023-07-24T22:43:05Z
Modified
2023-07-24T22:43:05Z
Summary
Potential denial of service after connection migration
Details

Impact

An issue in s2n-quic results in the endpoint shutting down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected by this issue, and customers of AWS services do not need to take action.

Impacted versions: <=v1.24.0

Patches

The patch is included in v1.25.0.

Workarounds

There is no workaround. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic.

If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-24T22:43:05Z"
}
References

Affected packages

crates.io / s2n-quic

Package

Name
s2n-quic
View open source insights on deps.dev
Purl
pkg:cargo/s2n-quic

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.25.0

Database specific 

{
    "last_known_affected_version_range": "<= 1.24.0"
}