RUSTSEC-2024-0373

See a problem?

Source

https://rustsec.org/advisories/RUSTSEC-2024-0373

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2024-0373.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2024-0373

Aliases

Published

2024-09-02T12:00:00Z

Modified

2024-09-08T01:57:19.068440Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

`Endpoint::retry()` calls can lead to panicking

Details

In 0.11.0, we overhauled the server-side Endpoint implementation to enable more careful handling of incoming connection attempts. However, some of the code paths that cleaned up state after connection attempts were processed confused the initial destination connection ID with the destination connection ID of a substantial package. This resulted in the internal Endpoint state becoming inconsistent, which could then lead to a panic.

https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f

Thanks to @finbear for reporting and investingating, and to @BiagoFesta for coordinating.

References

Affected packages

crates.io / quinn-proto

Package

Name: quinn-proto; View open source insights on deps.dev
Purl: pkg:cargo/quinn-proto

Affected ranges

Type: SEMVER
Events: Introduced

0.11.0

Fixed

0.11.7

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}