Vulnerability Description
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quinn Project | Quinn | < 0.9.5 |
Related Weaknesses (CWE)
References
- https://github.com/quinn-rs/quinn/pull/1667Issue TrackingPatch
- https://github.com/quinn-rs/quinn/pull/1668Issue TrackingPatch
- https://github.com/quinn-rs/quinn/pull/1669Issue Tracking
- https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3Vendor Advisory
- https://github.com/quinn-rs/quinn/pull/1667Issue TrackingPatch
- https://github.com/quinn-rs/quinn/pull/1668Issue TrackingPatch
- https://github.com/quinn-rs/quinn/pull/1669Issue Tracking
- https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3Vendor Advisory
FAQ
What is CVE-2023-42805?
CVE-2023-42805 is a vulnerability with a CVSS score of 7.5 (HIGH). quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed i...
How severe is CVE-2023-42805?
CVE-2023-42805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-42805?
Check the references section above for vendor advisories and patch information. Affected products include: Quinn Project Quinn.