quinn-proto is vulnerable to Unlimited Resource Consumption
75
High Risk
The Assembler component that assembles unordered stream fragments into consecutive chunks of the stream incurs some overhead for non-contiguous fragments. Readers that read from a RecvStream in order (through an AsyncRead impl for example) will be sensitive to peers that send fragments while leaving out early parts of the stream, and in particular, fragments with many gaps (because these cannot be defragmented). In such a scenario, the receiving connection suffers from high buffer overhead, enabling memory exhaustion.
You are affected if you are using a version that falls within the vulnerable range.
quinn-proto is vulnerable to Unlimited Resource Consumption in versions 0.1.0 - 0.11.14.
Upgrade the quinn-proto library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant