CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
17.0%
Microsoft QUIC is vulnerable to Denial Of Service (DoS). The vulnerability is caused by holding onto failed connections, leading to continuous memory consumption until exhaustion, resulting in Denial of Service. Note that this vulnerability is not exploitable on .NET-based web servers running on Windows.
github.com/advisories/GHSA-2x7m-gf85-3745
github.com/dotnet/announcements/issues/300
github.com/dotnet/runtime/security/advisories/GHSA-4prj-ff7h-5wr3
github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9
github.com/microsoft/msquic/commit/933f7b79949bc588945672396d70b661143bb8f0
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190