Browse all 3 CVE security advisories affecting quinn-rs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Quinn-rs is a Rust implementation of QUIC, a modern transport protocol designed for low-latency internet communications. Historically, it has been susceptible to remote code execution vulnerabilities due to integer overflows and buffer handling issues, along with cross-site scripting flaws in web applications using its libraries. The project has also experienced privilege escalation risks through improper access control in its API implementations. With three CVEs recorded, these primarily involve memory corruption and protocol parsing weaknesses. While no major public security incidents have been documented, the consistent pattern of memory-related vulnerabilities suggests careful input validation and bounds checking remain critical for secure deployment.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-31812 | Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing | quinn | CWE-248 | 7.5 | - | 2026-03-10 |
| CVE-2024-45311 | Denial of service in quinn-proto when using `Endpoint::retry()` | quinn | CWE-670 | 7.5 | High | 2024-09-02 |
| CVE-2023-42805 | quinn-proto Denial of Service vulnerability | quinn | CWE-20 | 7.5 | High | 2023-09-21 |
This page lists every published CVE security advisory associated with quinn-rs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.