GO-2024-2682

See a problem?

Source

https://pkg.go.dev/vuln/GO-2024-2682

Import Source

https://vuln.go.dev/ID/GO-2024-2682.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2024-2682

Aliases

Published

2024-04-05T16:53:41Z

Modified

2024-05-20T16:03:47Z

Summary

Denial of service via connection starvation in github.com/quic-go/quic-go

Details

An attacker can cause its peer to run out of memory by sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRECONNECTIONID frame. The attacker can prevent the receiver from sending out (the vast majority of) these RETIRECONNECTIONID frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate.

References

Credits

- marten-seemann

Affected packages

Go / github.com/quic-go/quic-go

Package

Name: github.com/quic-go/quic-go; View open source insights on deps.dev
Purl: pkg:golang/github.com/quic-go/quic-go

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.42.0

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/quic-go/quic-go",
            "symbols": [
                "Dial",
                "DialAddr",
                "DialAddrEarly",
                "DialEarly",
                "Listen",
                "ListenAddr",
                "ListenAddrEarly",
                "ListenEarly",
                "Transport.Dial",
                "Transport.DialEarly",
                "Transport.Listen",
                "Transport.ListenEarly",
                "connIDGenerator.Retire",
                "connIDGenerator.SetMaxActiveConnIDs",
                "connIDManager.Add",
                "connIDManager.Get",
                "connection.AcceptStream",
                "connection.AcceptUniStream",
                "connection.OpenStream",
                "connection.OpenStreamSync",
                "connection.OpenUniStream",
                "connection.OpenUniStreamSync",
                "connection.run",
                "framerI.AppendStreamFrames",
                "framerI.QueueControlFrame",
                "packetPacker.AppendPacket",
                "packetPacker.MaybePackProbePacket",
                "packetPacker.PackAckOnlyPacket",
                "packetPacker.PackApplicationClose",
                "packetPacker.PackCoalescedPacket",
                "packetPacker.PackConnectionClose",
                "packetPacker.PackMTUProbePacket",
                "receiveStream.CancelRead",
                "receiveStream.CloseRemote",
                "receiveStream.Read",
                "sendStream.CancelWrite",
                "streamsMap.AcceptStream",
                "streamsMap.AcceptUniStream",
                "streamsMap.DeleteStream",
                "streamsMap.HandleMaxStreamsFrame",
                "streamsMap.OpenStream",
                "streamsMap.OpenStreamSync",
                "streamsMap.OpenUniStream",
                "streamsMap.OpenUniStreamSync",
                "streamsMap.UpdateLimits",
                "windowUpdateQueue.QueueAll"
            ]
        }
    ]
}