CVE-2024-53259— quic-go 数据伪造问题漏洞

quic-go affected by an ICMP Packet Too Large Injection Attack on Linux

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

对数据真实性的验证不充分

quic-go 数据伪造问题漏洞

quic-go是Lucas Clemente个人开发者的一种 QUIC 协议、RFC 9000协议在 Go 中的实现。 quic-go v0.48.1之前版本存在数据伪造问题漏洞，该漏洞源于ICMP Packet Too Large消息处理不当，可能允许路径外攻击者通过注入此类数据包来中断QUIC连接，即使在握手完成后也能实施攻击，从而绕过了应用层上可能实现的TCP回退机制。

N/A

N/A