CVE-2024-1765

Severity CVSS v4.0:
Pending analysis
Type:
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
12/03/2024
Last modified:
13/03/2024

Description

Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client.<br /> A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake.<br /> Exploitation was possible for the duration of the connection which could be extended by the attacker. <br /> quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.<br /> <br />