CVE-2024-1765— Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-1765
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker. quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cloudflare quiche 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
quiche是Cloudflare开源的一个 IETF 指定的 QUIC 传输协议和 HTTP/3 的实现。 Cloudflare quiche 0.19.1之前、0.20.0版本存在安全漏洞,该漏洞源于QUIC CRYPTO 帧在quiche中泛滥,导致运行 quiche 服务器或客户端的系统内存使用量快速增加。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cloudflare | quiche | 0.15.0 ~ <0.19.1 | - |
II. Public POCs for CVE-2024-1765
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-1765
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: quiche
- CVE-2025-7054
Infinite loop triggered by connection ID retirement - CVE-2025-4821
Incorrect congestion window growth by invalid ACK ranges - CVE-2025-4820
Incorrect congestion window growth by optimistic ACK - CVE-2024-1410
Unbounded storage of information related to connection ID re - CVE-2023-6193
Unbounded queuing of path validation messages in cloudflare-
Same vendor: Cloudflare
- CVE-2026-2836
Cache poisoning via insecure-by-default cache key - CVE-2026-2835
HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Mi - CVE-2026-2833
HTTP Request Smuggling via Premature Upgrade - CVE-2026-1229
Incorrect calculation in CIRCL secp384r1 CombinedMult - CVE-2026-0933
OS Command Injection in `wrangler pages deploy`
Same weakness: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. Comments for CVE-2024-1765
No comments yet