Impact
An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits.
Impacted versions: <= v1.30.0.
Patches
The patch is included in v1.31.0 [1].
Workarounds
There is no workaround. Applications using s2n-quic should upgrade to the most recent release of s2n-quic.
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page [2] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
[1] https://github.com/aws/s2n-quic/releases/tag/v1.31.0
[2] https://aws.amazon.com/security/vulnerability-reporting
References
Impact
An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits.
Impacted versions: <= v1.30.0.
Patches
The patch is included in v1.31.0 [1].
Workarounds
There is no workaround. Applications using s2n-quic should upgrade to the most recent release of s2n-quic.
If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page [2] or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
[1] https://github.com/aws/s2n-quic/releases/tag/v1.31.0
[2] https://aws.amazon.com/security/vulnerability-reporting
References