以下是根据截图整理的关于漏洞的关键信息,使用简洁的Markdown格式呈现: 漏洞概述 Package: quickly CVE ID: CVE-2025-61684 GHSA: GHSA-wr3c-345m-43v9 Severity: High (7.5/10) 影响 Affected versions: commits up to 5d08216 Description: 远程攻击者可通过触发断言失败导致quickly崩溃,进而造成拒绝服务攻击。 Impact: 由于快速处理无效QUIC帧时的bug,攻击者可以触发断言失败,导致进程崩溃,同时影响其他 innocent 连接。 补丁信息 Patched versions: commits d9d3df6 and above CVSS v3 基础指标 Attack vector: Network Attack complexity: Low Privileges required: None User interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High 致谢 Isa Jafarov (City University of New York) Choongin Lee (Korea University) Prof. Heejo Lee (Korea University) Prof. Sven Dietrich (City University of New York)