// For flags

CVE-2023-6193

Unbounded queuing of path validation messages in cloudflare-quiche

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.
QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue.
Quiche versions greater than 0.19.0 address this problem.

Se descubrió que quiche v. 0.15.0 a 0.19.0 era vulnerable a colas ilimitadas de mensajes de validación de ruta, lo que podría provocar un consumo excesivo de recursos. La validación de ruta QUIC (RFC 9000 Sección 8.2) requiere que el destinatario de una trama PATH_CHALLENGE responda enviando una PATH_RESPONSE. Un atacante remoto no autenticado puede explotar la vulnerabilidad enviando tramas PATH_CHALLENGE y manipulando la conexión (por ejemplo, restringiendo el tamaño de la ventana de congestión del par) de modo que las tramas PATH_RESPONSE sólo puedan enviarse a una velocidad más lenta de la que se reciben; lo que lleva al almacenamiento de datos de validación de ruta en una cola ilimitada. Las versiones de Quiche superiores a 0.19.0 solucionan este problema.

*Credits: Marten Seemann
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-11-17 CVE Reserved
  • 2023-12-12 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-11 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
  • CAPEC-130: Excessive Allocation
  • CAPEC-272: Protocol Manipulation
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cloudflare
Search vendor "Cloudflare"
Quiche
Search vendor "Cloudflare" for product "Quiche"
>= 0.15.0 <= 0.19.0
Search vendor "Cloudflare" for product "Quiche" and version " >= 0.15.0 <= 0.19.0"
-
Affected