Skip to content

Potential denial of service via crafted stream frames

Low
goatgoose published GHSA-475v-pq2g-fp9g Nov 6, 2023

Package

cargo s2n-quic (Rust)

Affected versions

<= v1.30.0

Patched versions

v1.31.0

Description

Impact

An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits.

Impacted versions: <= v1.30.0.

Patches

The patch is included in v1.31.0 [1].

Workarounds

There is no workaround. Applications using s2n-quic should upgrade to the most recent release of s2n-quic.

If you have any questions or comments about this advisory, we ask that you contact AWS Security via our vulnerability reporting page [2] or directly via email to [email protected]. Please do not create a public GitHub issue.

[1] https://github.com/aws/s2n-quic/releases/tag/v1.31.0
[2] https://aws.amazon.com/security/vulnerability-reporting

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs