← Retour aux CVEs
CVE-2026-31812
N/ADescription
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
Details CVE
Score CVSS v3.1N/A
Publie3/10/2026
Derniere modification3/11/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-248
References
https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98(security-advisories@github.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.