GHSA-xh5m-8qqp-c5x7

Source

https://github.com/advisories/GHSA-xh5m-8qqp-c5x7

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-xh5m-8qqp-c5x7/GHSA-xh5m-8qqp-c5x7.json

Aliases

• BIT-2023-38171
• BIT-dotnet-2023-38171
• BIT-dotnet-sdk-2023-38171
• CVE-2023-38171

Published

2023-10-10T21:23:27Z

Modified

2023-11-08T04:13:06.584052Z

Details

Impact

The MsQuic server application or process will crash, resulting in a denial of service.

Patches

The following patch was made:

• Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343

Workarounds

Beyond upgrading to the patched versions, there is no other workaround. You must upgrade or disable MsQuic functionality.

References

• https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7
• https://nvd.nist.gov/vuln/detail/CVE-2023-38171
• https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343
• https://github.com/microsoft/msquic
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171