CVE-2024-1765
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
12/03/2024
Last modified:
13/03/2024
Description
Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client.<br />
A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake.<br />
Exploitation was possible for the duration of the connection which could be extended by the attacker. <br />
quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.<br />
<br />
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM