s2n-quic potential denial of service vulnerability when receiving empty UDP packets

Moderate severity GitHub Reviewed Published Jun 30, 2023 in aws/s2n-quic • Updated Jun 30, 2023

Package

cargo s2n-quic (Rust)

Affected versions

= 1.22.0

Patched versions

1.23.0

Description

Impact

An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection.

No AWS services are affected by this issue and customers of AWS services do not need to take action. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic.

Impacted version: s2n-quic v1.22.0.

Patches

The patch is included in s2n-quic v1.23.0.
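
One way to check whether a project resolves to the affected release, as an added example that is not part of the advisory or the s2n-quic project: it scans a `Cargo.lock` for the exact crate name `s2n-quic` (so sibling crates such as `s2n-quic-core` are not misreported) and flags version 1.22.0. The function names and the sample lockfile, including the `s2n-quic-core` version, are constructed for illustration.

```rust
// Added example: flag the s2n-quic release named in this advisory in a Cargo.lock.
const CRATE: &str = "s2n-quic";
const AFFECTED: &str = "1.22.0"; // advisory: affected versions "= 1.22.0"

/// Returns the value of a `key = "value"` line, if `line` is one for exactly `key`.
fn quoted<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?.trim();
    rest.strip_prefix('"')?.strip_suffix('"')
}

/// Every resolved version of `s2n-quic` in the lockfile, paired with whether it is affected.
fn audit(lock: &str) -> Vec<(String, bool)> {
    let mut hits = Vec::new();
    let mut name: Option<&str> = None;
    for line in lock.lines() {
        if line.trim() == "[[package]]" {
            name = None; // a new package entry starts
        } else if let Some(n) = quoted(line, "name") {
            name = Some(n);
        } else if let Some(v) = quoted(line, "version") {
            // Exact name match: a substring search would also hit s2n-quic-core.
            if name == Some(CRATE) {
                hits.push((v.to_string(), v == AFFECTED));
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK: &str = r#"version = 3

[[package]]
name = "s2n-quic"
version = "1.22.0"
dependencies = [
 "s2n-quic-core",
]

[[package]]
name = "s2n-quic-core"
version = "0.22.0"
"#;

fn main() {
    for (v, bad) in audit(SAMPLE_LOCK) {
        println!("s2n-quic {}: {}", v, if bad { "AFFECTED, upgrade to 1.23.0 or later" } else { "not the affected release" });
    }
}
```

To run it against a real project, read that project's `Cargo.lock` into a string and pass it to `audit` in place of `SAMPLE_LOCK`.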

If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.

References

@goatgoose goatgoose published to aws/s2n-quic Jun 30, 2023
Published to the GitHub Advisory Database Jun 30, 2023
Reviewed Jun 30, 2023
Last updated Jun 30, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-hxq4-mx37-fqvg

Source code
