GHSA-78wx-jg4j-5j6g
GitHub Security Advisory
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
### Impact
Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability that caused a rapid increase in memory usage on the system running a quiche server or client.
A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after completing the QUIC handshake.
Exploitation was possible for the duration of the connection, which could be extended by the attacker.
### Patches
Quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.
Affected Packages
- crates.io: quiche, affected versions: 0 (fixed in 0.19.2)
- crates.io: quiche, affected versions: 0.20.0 (fixed in 0.20.1)
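Added example (not part of the advisory or of the quiche project): a small Rust check that scans a Cargo.lock body for quiche entries and flags versions inside the affected ranges listed above. The sample lockfile and all function names are constructed for illustration, and pre-release or build suffixes on a version are ignored.

```rust
// Constructed sample lockfile for illustration; not from a real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "quiche"
version = "0.19.1"
[[package]]
name = "quiche"
version = "0.20.1"
[[package]]
name = "example-dep"
version = "0.1.0"
"#;

/// Parse "MAJOR.MINOR.PATCH"; any pre-release or build suffix is ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>());
    let ver = (it.next()?.ok()?, it.next()?.ok()?, it.next()?.ok()?);
    if it.next().is_some() { None } else { Some(ver) }
}

/// Ranges from the advisory: below 0.19.2, or 0.20.0 up to (not including) 0.20.1.
fn is_affected(version: &str) -> Option<bool> {
    let v = parse_version(version)?;
    Some(v < (0, 19, 2) || (v >= (0, 20, 0) && v < (0, 20, 1)))
}

/// Extract the quoted value of `key = "value"` from one lockfile line.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Return (version, affected) for every quiche entry; unparseable versions are flagged.
fn scan_lockfile(lock: &str) -> Vec<(String, bool)> {
    let (mut hits, mut in_quiche) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(name) = field(line, "name") {
            in_quiche = name == "quiche";
        } else if let (true, Some(ver)) = (in_quiche, field(line, "version")) {
            hits.push((ver.to_string(), is_affected(ver).unwrap_or(true)));
        }
    }
    hits
}

fn main() {
    for (ver, bad) in scan_lockfile(SAMPLE_LOCK) {
        println!("quiche {}: affected = {}", ver, bad);
    }
}
```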
Related CVEs
Key Information
5.0/10
Dataset
Last updated: September 12, 2025 6:34 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.