{"id":"RUSTSEC-2023-0063","summary":"Denial of service in Quinn servers","details":"Receiving QUIC frames containing a frame with unknown frame type could lead to a panic.\nUnfortunately this is issue was not found by our fuzzing infrastructure.\n\nThanks to the QUIC Tester research group for reporting this issue.","aliases":["CVE-2023-42805","GHSA-q8wc-j5m9-27w3"],"modified":"2024-02-10T15:57:43Z","published":"2023-09-21T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/quinn-proto"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2023-0063.html"},{"type":"WEB","url":"https://github.com/quinn-rs/quinn/pull/1667"}],"affected":[{"package":{"name":"quinn-proto","ecosystem":"crates.io","purl":"pkg:cargo/quinn-proto"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.9.5"},{"introduced":"0.10.0-0"},{"fixed":"0.10.5"}]}],"ecosystem_specific":{"affects":{"arch":[],"functions":[],"os":[]},"affected_functions":null},"database_specific":{"categories":["denial-of-service"],"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0063.json","informational":null}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}