CVE-2023-6193 (GCVE-0-2023-6193)
Vulnerability from cvelistv5
Published
2023-12-12 13:32
Modified
2024-08-02 08:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.
QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue.
Quiche versions greater than 0.19.0 address this problem.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloudflare | quiche |
Version: 0.15.0 ≤ 0.19.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9000#section-8.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "cloudflare-quiche",
"product": "quiche",
"vendor": "Cloudflare",
"versions": [
{
"lessThanOrEqual": "0.19.0",
"status": "affected",
"version": "0.15.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Marten Seemann "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.\u003cbr\u003eQUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer\u0027s congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. \u003cbr\u003eQuiche versions greater than 0.19.0 address this problem."
}
],
"value": "quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.\nQUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer\u0027s congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. \nQuiche versions greater than 0.19.0 address this problem."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
},
{
"capecId": "CAPEC-272",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-272 Protocol Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T13:32:03.183Z",
"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"shortName": "cloudflare"
},
"references": [
{
"url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc9000#section-8.2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unbounded queuing of path validation messages in cloudflare-quiche",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513",
"assignerShortName": "cloudflare",
"cveId": "CVE-2023-6193",
"datePublished": "2023-12-12T13:32:03.183Z",
"dateReserved": "2023-11-17T14:39:07.534Z",
"dateUpdated": "2024-08-02T08:21:17.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…