Vulnerability Description
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-31812?
CVE-2026-31812 is a documented vulnerability. Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vu...
How severe is CVE-2026-31812?
CVSS scoring is not yet available for CVE-2026-31812. Check NVD for updates.
Is there a patch for CVE-2026-31812?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.