CVE-2023-6193

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Dec 14, 2023

CWE ID 400

Summary

CVE-2023-6193 affects quiche version 0.15.0 through 0.19.0, where an attacker can manipulate QUIC path validation messages, causing an unbounded queueing of PATH_RESPONSE frames. This results in excessive resource consumption as the recipient is forced to send responses at a slower rate than they are received. The vulnerability arises due to the lack of proper handling of PATH_CHALLENGE frames, leading to QUIC connections becoming congested. Versions of quiche greater than 0.19.0 have addressed this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

CloudFlare

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tc3_dn
https://www.cve.org/CVERecord?id=CVE-2023-6193
https://nvd.nist.gov/vuln/detail/CVE-2023-6193

Back to Vulnerability Database

CVE-2023-6193

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations