CVE-2026-31812
HIGH
CVSS 8.7
No EPSS data
Description
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a single crafted QUIC Initial packet whose quic_transport_parameters extension is malformed. In the quinn-proto parsing logic, attacker-controlled variable-length integers (varints) are decoded with unwrap(), so a truncated encoding yields Err(UnexpectedEnd) and the unwrap() panics instead of rejecting the packet. Because Initial packets are the first thing an endpoint processes, this is reachable over the network before any handshake completes and with no prior trust or authentication. Whether the panic takes down only the endpoint task or the whole process depends on the application's panic strategy (a binary built with panic = "abort" terminates outright), but in either case the affected endpoint stops processing packets. This vulnerability is fixed in 0.11.14. Since the flaw lives in quinn-proto, which quinn depends on, verify the resolved version of that crate in the lock file (for example with cargo tree -i quinn-proto) rather than only the quinn line in Cargo.toml.
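The following is an added illustration of the bug class described above, not quinn-proto's own code: a QUIC varint decoder (RFC 9000 section 16) and a minimal transport-parameter walker, written once in the panicking unwrap() shape and once in the error-propagating shape. The DecodeError type, the function names and the two sample byte strings are assumptions made for this example; the truncated input is constructed by hand and is not captured traffic.

```rust
// Added example, not quinn-proto code. Names and inputs are illustrative.

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    UnexpectedEnd,
}

/// Decode one QUIC varint from the front of `buf`, returning (value, bytes
/// consumed). The top two bits of the first byte select a 1/2/4/8-byte
/// encoding. Truncated input is reported as an error, never a panic.
pub fn decode_varint(buf: &[u8]) -> Result<(u64, usize), DecodeError> {
    let first = *buf.first().ok_or(DecodeError::UnexpectedEnd)?;
    let len = 1usize << (first >> 6);
    if buf.len() < len {
        return Err(DecodeError::UnexpectedEnd);
    }
    let mut value = u64::from(first & 0x3f);
    for &b in &buf[1..len] {
        value = (value << 8) | u64::from(b);
    }
    Ok((value, len))
}

/// Transport parameters are a sequence of (id varint, length varint, value).
/// Vulnerable shape: unwrap() on attacker-controlled bytes. A parameter whose
/// length varint is cut short panics the caller instead of failing cleanly.
pub fn parse_transport_params_unwrap(mut buf: &[u8]) -> Vec<(u64, Vec<u8>)> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let (id, n) = decode_varint(buf).unwrap();
        buf = &buf[n..];
        let (len, n) = decode_varint(buf).unwrap();
        buf = &buf[n..];
        let len = len as usize;
        out.push((id, buf[..len].to_vec())); // also panics when len > buf.len()
        buf = &buf[len..];
    }
    out
}

/// Hardened shape: every decode propagates with `?` and the value length is
/// bounds-checked, so malformed input yields Err and the packet can be dropped.
pub fn parse_transport_params(mut buf: &[u8]) -> Result<Vec<(u64, Vec<u8>)>, DecodeError> {
    let mut out = Vec::new();
    while !buf.is_empty() {
        let (id, n) = decode_varint(buf)?;
        buf = &buf[n..];
        let (len, n) = decode_varint(buf)?;
        buf = &buf[n..];
        let len = usize::try_from(len).map_err(|_| DecodeError::UnexpectedEnd)?;
        if buf.len() < len {
            return Err(DecodeError::UnexpectedEnd);
        }
        out.push((id, buf[..len].to_vec()));
        buf = &buf[len..];
    }
    Ok(out)
}

/// Constructed input: initial_max_data (id 0x04), 4-byte length, value varint
/// 0x800f4240, which decodes to 1_000_000.
pub fn well_formed() -> Vec<u8> {
    vec![0x04, 0x04, 0x80, 0x0f, 0x42, 0x40]
}

/// Constructed input: the same parameter id followed by only the first byte of
/// a 2-byte length varint (0x41 => top bits 01 => 2-byte encoding), rest missing.
pub fn truncated() -> Vec<u8> {
    vec![0x04, 0x41]
}

fn main() {
    println!("well-formed: {:?}", parse_transport_params(&well_formed()));
    println!("truncated:   {:?}", parse_transport_params(&truncated()));
    // Show the panic without taking the process down.
    let panicked = std::panic::catch_unwind(|| parse_transport_params_unwrap(&truncated())).is_err();
    println!("unwrap version panicked on truncated input: {}", panicked);
}
```

The hardened walker still rejects the same inputs the unwrap version chokes on; the difference is only that rejection is a returned Err the caller can log and discard, which is the property a network-facing parser needs. catch_unwind in main is there for demonstration and relies on the default unwind panic strategy; under panic = "abort" the unwrap version would terminate the process.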
EPSS
This CVE is not currently listed in the EPSS dataset.
{
"cve": {
"id": "CVE-2026-31812",
"cveTags": [],
"metrics": {
"cvssMetricV40": [
{
"type": "Secondary",
"source": "security-advisories@github.com",
"cvssData": {
"Safety": "NOT_DEFINED",
"version": "4.0",
"Recovery": "NOT_DEFINED",
"baseScore": 8.7,
"Automatable": "NOT_DEFINED",
"attackVector": "NETWORK",
"baseSeverity": "HIGH",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"exploitMaturity": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"userInteraction": "NONE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"subIntegrityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"vulnAvailabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"subConfidentialityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED"
}
}
]
},
"published": "2026-03-10T22:16:18.840",
"references": [
{
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98",
"source": "security-advisories@github.com"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"type": "Primary",
"source": "security-advisories@github.com",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14."
},
{
"lang": "es",
"value": "Quinn es una implementaci\u00f3n pure-Rust, compatible con async, del protocolo de transporte QUIC del IETF. Antes de la 0.11.14, un atacante remoto no autenticado puede desencadenar una denegaci\u00f3n de servicio en aplicaciones que utilizan versiones vulnerables de quinn al enviar un paquete QUIC Initial manipulado que contiene par\u00e1metros de transporte QUIC malformados. En la l\u00f3gica de an\u00e1lisis de quinn-proto, los varints controlados por el atacante se decodifican con unwrap(), por lo que las codificaciones truncadas causan Err(UnexpectedEnd) y p\u00e1nico. Esto es alcanzable a trav\u00e9s de la red con un solo paquete y sin confianza o autenticaci\u00f3n previa. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.11.14."
}
],
"lastModified": "2026-04-16T14:47:16.733",
"sourceIdentifier": "security-advisories@github.com"
}
}