← Back to CVEs
CVE-2026-31812
N/ADescription
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
CVE Details
CVSS v3.1 ScoreN/A
Published3/10/2026
Last Modified3/11/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-248
References
https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98(security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.