RUSTSEC-2026-0185

Source
https://rustsec.org/advisories/RUSTSEC-2026-0185
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0185.json
JSON Data
https://api.test.osv.dev/v1/vulns/RUSTSEC-2026-0185
Aliases
  • GHSA-4w2j-m93h-cj5j
Published
2026-06-22T12:00:00Z
Modified
2026-06-22T18:15:05.172800757Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly
Details

The Assembler component that assembles unordered stream fragments into consecutive chunks of the stream incurs some overhead for non-contiguous fragments. Readers that read from a RecvStream in order (through an AsyncRead impl for example) will be sensitive to peers that send fragments while leaving out early parts of the stream, and in particular, fragments with many gaps (because these cannot be defragmented). In such a scenario, the receiving connection suffers from high buffer overhead, enabling memory exhaustion.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / quinn-proto

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.11.15

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "functions": [],
        "os": [],
        "arch": []
    }
}

Database specific

source
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0185.json"
cvss
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
informational
null
categories
[
    "denial-of-service"
]