← Voltar para CVEs
CVE-2026-31812
N/ADescricao
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/10/2026
Ultima modificacao3/11/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-248
Referencias
https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.