Description
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in the 0.9.5 and 0.10.5 maintenance releases.
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3
Issue Tracking, Patch x_refsource_misc
https://github.com/quinn-rs/quinn/pull/1667
Issue Tracking, Patch x_refsource_misc
https://github.com/quinn-rs/quinn/pull/1668
Issue Tracking x_refsource_misc
https://github.com/quinn-rs/quinn/pull/1669
Scores
CVSS v3: 7.5
EPSS: 0.0076
EPSS Percentile: 50.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-20
Status: published
Products (2)
crates.io/quinn-proto: 0 - 0.9.5 (crates.io)
quinn_project/quinn: < 0.9.5
Published: Sep 21, 2023
Tracked Since: Feb 18, 2026