Vulnerability Details CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.7%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/quinn-rs/quinn/pull/1667
- https://github.com/quinn-rs/quinn/pull/1668
- https://github.com/quinn-rs/quinn/pull/1669
- https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3
- https://github.com/quinn-rs/quinn/pull/1667
- https://github.com/quinn-rs/quinn/pull/1668
- https://github.com/quinn-rs/quinn/pull/1669
- https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3
Products affected by CVE-2023-42805
-
cpe:2.3:a:quinn_project:quinn:0.1.0
-
cpe:2.3:a:quinn_project:quinn:0.10.0
-
cpe:2.3:a:quinn_project:quinn:0.10.1
-
cpe:2.3:a:quinn_project:quinn:0.10.2
-
cpe:2.3:a:quinn_project:quinn:0.10.3
-
cpe:2.3:a:quinn_project:quinn:0.10.4
-
cpe:2.3:a:quinn_project:quinn:0.2.0
-
cpe:2.3:a:quinn_project:quinn:0.3.0
-
cpe:2.3:a:quinn_project:quinn:0.4.0
-
cpe:2.3:a:quinn_project:quinn:0.5.0
-
cpe:2.3:a:quinn_project:quinn:0.5.1
-
cpe:2.3:a:quinn_project:quinn:0.5.2
-
cpe:2.3:a:quinn_project:quinn:0.5.3
-
cpe:2.3:a:quinn_project:quinn:0.5.4
-
cpe:2.3:a:quinn_project:quinn:0.6.0
-
cpe:2.3:a:quinn_project:quinn:0.6.1
-
cpe:2.3:a:quinn_project:quinn:0.6.2
-
cpe:2.3:a:quinn_project:quinn:0.7.0
-
cpe:2.3:a:quinn_project:quinn:0.7.1
-
cpe:2.3:a:quinn_project:quinn:0.7.2
-
cpe:2.3:a:quinn_project:quinn:0.8.0
-
cpe:2.3:a:quinn_project:quinn:0.8.1
-
cpe:2.3:a:quinn_project:quinn:0.8.2
-
cpe:2.3:a:quinn_project:quinn:0.8.3
-
cpe:2.3:a:quinn_project:quinn:0.8.4
-
cpe:2.3:a:quinn_project:quinn:0.8.5
-
cpe:2.3:a:quinn_project:quinn:0.9.0
-
cpe:2.3:a:quinn_project:quinn:0.9.1
-
cpe:2.3:a:quinn_project:quinn:0.9.2
-
cpe:2.3:a:quinn_project:quinn:0.9.3
-
cpe:2.3:a:quinn_project:quinn:0.9.4