HIGH 7.5

RUSTSEC-2023-0063

Denial of service in Quinn servers

Details

Receiving QUIC frames containing a frame with unknown frame type could lead to a panic. Unfortunately this is issue was not found by our fuzzing infrastructure.

Thanks to the QUIC Tester research group for reporting this issue.

Are you affected?

Enter the version of the package you're using.

Affected packages

crates.io / quinn-proto

Introduced in: 0.0.0-0 Fixed in: 0.9.5

Upgrade quinn-proto to 0.9.5 or newer (ecosystem crates.io).

References

https://crates.io/crates/quinn-proto [PACKAGE]
https://rustsec.org/advisories/RUSTSEC-2023-0063.html [ADVISORY]
https://github.com/quinn-rs/quinn/pull/1667 [WEB]