Home > Vulnerability Database > CVE-2024-1765

Mend.io Vulnerability Database

CVE-2024-1765

Good to know:

Date: March 12, 2024

Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker. quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.

Language: RUST

Severity Score

5.9

Related Resources (3)

Url: https://github.com/cloudflare/quiche/security/advisories/GHSA-78wx-jg4j-5j6g

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-1765

Url: https://www.mend.io/vulnerability-database/CVE-2024-1765

Severity Score

5.9

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version quiche - 0.19.2,0.20.1

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-1765

Good to know:

Date: March 12, 2024

Language: RUST

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?