Skip to content

s2n-quic potential denial of service via crafted stream frames

Low severity GitHub Reviewed Published Nov 6, 2023 in aws/s2n-quic • Updated Nov 8, 2023

Package

cargo s2n-quic (Rust)

Affected versions

<= 1.30.0

Patched versions

1.31.0

Description

Impact

An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits.

Impacted versions: <= v1.30.0.

Patches

The patch is included in v1.31.0 [1].

Workarounds

There is no workaround. Applications using s2n-quic should upgrade to the most recent release of s2n-quic.

If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page [2] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

[1] https://github.com/aws/s2n-quic/releases/tag/v1.31.0
[2] https://aws.amazon.com/security/vulnerability-reporting

References

@goatgoose goatgoose published to aws/s2n-quic Nov 6, 2023
Published to the GitHub Advisory Database Nov 8, 2023
Reviewed Nov 8, 2023
Last updated Nov 8, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-475v-pq2g-fp9g

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.