rustsec-2026-0185
Vulnerability from osv_rustsec
Published
2026-06-22 12:00
Modified
2026-06-22 18:11
Summary
Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly
Details
The `Assembler` component, which reassembles out-of-order stream fragments into consecutive chunks of the stream, incurs per-fragment overhead for non-contiguous data. Readers that consume a `RecvStream` in order (for example through its `AsyncRead` impl) are therefore sensitive to a peer that sends fragments while withholding earlier parts of the stream, and in particular to fragments separated by many gaps, because such fragments cannot be defragmented until the missing data arrives. In that scenario the receiving connection buffers the fragments with high overhead, allowing a remote peer to exhaust its memory.
{
"affected": [
{
"database_specific": {
"categories": [
"denial-of-service"
],
"cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"informational": null
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "quinn-proto",
"purl": "pkg:cargo/quinn-proto"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-0"
},
{
"fixed": "0.11.15"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"GHSA-4w2j-m93h-cj5j"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "The `Assembler` component that assembles unordered stream fragments into consecutive chunks of the\nstream incurs some overhead for non-contiguous fragments. Readers that read from a RecvStream in\norder (through an `AsyncRead` impl for example) will be sensitive to peers that send fragments\nwhile leaving out early parts of the stream, and in particular, fragments with many gaps (because\nthese cannot be defragmented). In such a scenario, the receiving connection suffers from high\nbuffer overhead, enabling memory exhaustion.",
"id": "RUSTSEC-2026-0185",
"modified": "2026-06-22T18:11:20Z",
"published": "2026-06-22T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/quinn-proto"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0185.html"
},
{
"type": "WEB",
"url": "https://github.com/quinn-rs/quinn/pull/2694"
}
],
"related": [],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": " Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.