CVE-2024-45396

EPSS 0.18%
Veröffentlicht 11.10.2024 15:15:04
Zuletzt bearbeitet 12.11.2024 20:05:09
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dena ≫ Quicly Version < 2024-10-10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.405

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c

Patch

https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45396

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45396

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45396

EUVD