CVE-2023-6193: Unbounded queuing of path validation messages in cloudflare-quiche

First published: Tue Dec 12 2023(Updated: )

### Impact quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation ([RFC 9000 Section 8.2](https://datatracker.ietf.org/doc/html/rfc9000#section-8.2)) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received, leading to storage of path validation data in an unbounded queue. ### Patches Quiche versions greater than 0.19.0 address this problem. ### References [CVE-2023-6193](https://www.cve.org/CVERecord?id=CVE-2023-6193) [RFC 9000 Section 8.2](https://datatracker.ietf.org/doc/html/rfc9000#section-8.2)

Credit: cna@cloudflare.com cna@cloudflare.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/github-advisory-latest
• alias/GHSA-w3vp-jw9m-f9pm
• alias/CVE-2023-6193
• collector/nvd-api
• collector/nvd-cve
• collector/github-advisory
• agent/author
• agent/type
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• agent/tags
• agent/title
• agent/weakness
• agent/severity
• agent/references
• agent/event
• collector/epss-latest
• source/FIRST
• agent/description
• agent/epss
• collector/mitre-cve
• source/MITRE
• package-manager/rust
• vendor/cloudflare
• canonical/cloudflare quiche
• version/cloudflare quiche/0.15.0
• version/cloudflare quiche/0.19.0