CVE-2023-6193

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. Quiche versions greater than 0.19.0 address this problem.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://datatracker.ietf.org/doc/html/rfc9000#section-8.2	Technical Description
https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudflare:quiche:*:*:*:*:*:*:*:*

History

14 Dec 2023, 20:19

Type	Values Removed	Values Added
CWE		CWE-400
References	~~() https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm -~~	() https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm - Vendor Advisory
References	~~() https://datatracker.ietf.org/doc/html/rfc9000#section-8.2 -~~	() https://datatracker.ietf.org/doc/html/rfc9000#section-8.2 - Technical Description
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
CPE		cpe:2.3:a:cloudflare:quiche::::::::

12 Dec 2023, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-12 14:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-6193

Mitre link : CVE-2023-6193

CVE.ORG link : CVE-2023-6193

JSON object : View

Products Affected

cloudflare

quiche

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2023-6193", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@cloudflare.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-12-12T14:15:07.797", "references": [{"url": "https://datatracker.ietf.org/doc/html/rfc9000#section-8.2", "tags": ["Technical Description"], "source": "cna@cloudflare.com"}, {"url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm", "tags": ["Vendor Advisory"], "source": "cna@cloudflare.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "cna@cloudflare.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.\nQUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at the slower rate than they are received; leading to storage of path validation data in an unbounded queue. \nQuiche versions greater than 0.19.0 address this problem."}, {"lang": "es", "value": "Se descubri\u00f3 que quiche v. 0.15.0 a 0.19.0 era vulnerable a colas ilimitadas de mensajes de validaci\u00f3n de ruta, lo que podr\u00eda provocar un consumo excesivo de recursos. La validaci\u00f3n de ruta QUIC (RFC 9000 Secci\u00f3n 8.2) requiere que el destinatario de una trama PATH_CHALLENGE responda enviando una PATH_RESPONSE. Un atacante remoto no autenticado puede explotar la vulnerabilidad enviando tramas PATH_CHALLENGE y manipulando la conexi\u00f3n (por ejemplo, restringiendo el tama\u00f1o de la ventana de congesti\u00f3n del par) de modo que las tramas PATH_RESPONSE s\u00f3lo puedan enviarse a una velocidad m\u00e1s lenta de la que se reciben; lo que lleva al almacenamiento de datos de validaci\u00f3n de ruta en una cola ilimitada. Las versiones de Quiche superiores a 0.19.0 solucionan este problema."}], "lastModified": "2023-12-14T20:19:39.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:quiche:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "754F9BC1-68D8-4071-A987-42FFCD3AE06D", "versionEndIncluding": "0.19.0", "versionStartIncluding": "0.15.0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@cloudflare.com"}