CVE-2024-45396

Summary

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c.

Affected Software

VendorProductVersion RangeStatus
h2oquicly< 2a95896104901589c495bc41460262e64ffcad5caffected

Weaknesses

  • CWE-617: CWE-617: Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References