CVE-2022-30591

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-30591
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30591.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-30591
Downstream
Published
2022-07-06T12:15:08.173Z
Modified
2025-11-14T13:16:18.273100Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the vendor's position is that this behavior should not be listed as a vulnerability on the CVE List

Database specific 
{
    "isDisputed": true
}
References

Affected packages

Git / github.com/lucas-clemente/quic-go

Affected ranges

Type
GIT
Repo
https://github.com/lucas-clemente/quic-go
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fa0dba963a29dca6309a8dbd2490caa00d832a3f

Affected versions

v.*

v.0.21

v0.*

v0.21.0
v0.21.1
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.4
v0.5.0
v0.6.0
v0.7.0