漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Quicly: Remote Denial of Service via assertion failure when CRYPTO stream handshake data exceeds 32KB
Vulnerability Description
Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 937d0e9, an assertion failure is raised when the total number of valid handshake messages received over a CRYPTO stream of a single packet number space exceeds 32KB, causing a Denial of Service. This issue has been fixed by commit 937d0e9.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
可达断言
Vulnerability Title
H2O quicly 资源管理错误漏洞
Vulnerability Description
H2O quicly是H2O公司开源的一个 IETF QUIC 协议的实现。 H2O quicly 937d0e9之前版本存在安全漏洞,该漏洞源于CRYPTO流中有效握手消息超过32KB时触发断言失败,导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A