{
"schema_version": "1.3.1",
"id": "GO-2024-2682",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"aliases": [
"CVE-2024-22189",
"GHSA-c33x-xqrf-c478"
],
"summary": "Denial of service via connection starvation in github.com/quic-go/quic-go",
"details": "An attacker can cause its peer to run out of memory by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is required to respond to each retirement with a RETIRE_CONNECTION_ID frame, and these frames are queued until they can be sent. The attacker can prevent the receiver from sending out (the vast majority of) these queued RETIRE_CONNECTION_ID frames by collapsing the peer's congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate, so the backlog of pending RETIRE_CONNECTION_ID frames grows without bound. Both clients and servers are affected, since either endpoint may receive NEW_CONNECTION_ID frames from its peer.",
"affected": [
{
"package": {
"name": "github.com/quic-go/quic-go",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "0.42.0"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/quic-go/quic-go",
"symbols": [
"Dial",
"DialAddr",
"DialAddrEarly",
"DialEarly",
"Listen",
"ListenAddr",
"ListenAddrEarly",
"ListenEarly",
"Transport.Dial",
"Transport.DialEarly",
"Transport.Listen",
"Transport.ListenEarly",
"connIDGenerator.Retire",
"connIDGenerator.SetMaxActiveConnIDs",
"connIDManager.Add",
"connIDManager.Get",
"connection.AcceptStream",
"connection.AcceptUniStream",
"connection.OpenStream",
"connection.OpenStreamSync",
"connection.OpenUniStream",
"connection.OpenUniStreamSync",
"connection.run",
"framerI.AppendStreamFrames",
"framerI.QueueControlFrame",
"packetPacker.AppendPacket",
"packetPacker.MaybePackProbePacket",
"packetPacker.PackAckOnlyPacket",
"packetPacker.PackApplicationClose",
"packetPacker.PackCoalescedPacket",
"packetPacker.PackConnectionClose",
"packetPacker.PackMTUProbePacket",
"receiveStream.CancelRead",
"receiveStream.CloseRemote",
"receiveStream.Read",
"sendStream.CancelWrite",
"streamsMap.AcceptStream",
"streamsMap.AcceptUniStream",
"streamsMap.DeleteStream",
"streamsMap.HandleMaxStreamsFrame",
"streamsMap.OpenStream",
"streamsMap.OpenStreamSync",
"streamsMap.OpenUniStream",
"streamsMap.OpenUniStreamSync",
"streamsMap.UpdateLimits",
"windowUpdateQueue.QueueAll"
]
}
]
}
}
],
"references": [
{
"type": "FIX",
"url": "https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a"
},
{
"type": "WEB",
"url": "https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management"
}
],
"credits": [
{
"name": "marten-seemann"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2682"
}
}