Skip to content

Potential denial of service after connection migration

Low severity GitHub Reviewed Published Jul 24, 2023 in aws/s2n-quic

Package

cargo s2n-quic (Rust)

Affected versions

<= 1.24.0

Patched versions

1.25.0

Description

Impact

An issue in s2n-quic results in the endpoint shutting down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected by this issue, and customers of AWS services do not need to take action.

Impacted versions: <=v1.24.0

Patches

The patch is included in v1.25.0.

Workarounds

There is no workaround. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic.

If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

References

@WesleyRosenblum WesleyRosenblum published to aws/s2n-quic Jul 24, 2023
Published to the GitHub Advisory Database Jul 24, 2023
Reviewed Jul 24, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-rfhg-rjfp-9q8q

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.