You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 22189
About this tag
CVE-2024-22189 is a high-severity denial-of-service vulnerability in the Go implementation of the QUIC protocol, quic-go. Discovered in April 2024, the flaw allows a remote attacker to exhaust a peer's memory by abusing QUIC's Connection ID management, leading to process memory exhaustion and denial of service. This is not a cryptographic or data theft issue but an operational availability risk. The tag covers discussions on the vulnerability's impact, patch guidance, and mitigation strategies for systems using quic-go, particularly in enterprise IT environments where QUIC is deployed for performance-critical communications.
On April 4, 2024 the QUIC ecosystem faced a high‑severity availability risk when researchers disclosed CVE‑2024‑22189: a memory‑exhaustion flaw in the popular Go implementation quic‑go that lets a remote attacker force a peer to consume unbounded memory by abusing QUIC’s Connection ID...