← Volver a CVEs
CVE-2026-31812
N/ADescripcion
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado3/10/2026
Ultima modificacion3/11/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-248
Referencias
https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.