CVE-2025-4820
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/06/2025
Last modified:
23/06/2025
Description
Impact<br />
<br />
Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.<br />
<br />
An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim&#39;s congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support.<br />
<br />
<br />
<br />
Patches<br />
<br />
<br />
quiche 0.24.4 is the earliest version containing the fix for this issue.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM