CVE-2026-31812

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.

CVSS

No CVSS.

References

Link	Resource
https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98

Configurations

No configuration.

History

11 Mar 2026, 13:52

Type	Values Removed	Values Added
Summary		(es) Quinn es una implementación pure-Rust, compatible con async, del protocolo de transporte QUIC del IETF. Antes de la 0.11.14, un atacante remoto no autenticado puede desencadenar una denegación de servicio en aplicaciones que utilizan versiones vulnerables de quinn al enviar un paquete QUIC Initial manipulado que contiene parámetros de transporte QUIC malformados. En la lógica de análisis de quinn-proto, los varints controlados por el atacante se decodifican con unwrap(), por lo que las codificaciones truncadas causan Err(UnexpectedEnd) y pánico. Esto es alcanzable a través de la red con un solo paquete y sin confianza o autenticación previa. Esta vulnerabilidad está corregida en la versión 0.11.14.

10 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 22:16

Updated : 2026-03-11 13:52

NVD link : CVE-2026-31812

Mitre link : CVE-2026-31812

CVE.ORG link : CVE-2026-31812

JSON object : View

Products Affected

No product.

CWE

CWE-248

Uncaught Exception

{"id": "CVE-2026-31812", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-10T22:16:18.840", "references": [{"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14."}, {"lang": "es", "value": "Quinn es una implementaci\u00f3n pure-Rust, compatible con async, del protocolo de transporte QUIC del IETF. Antes de la 0.11.14, un atacante remoto no autenticado puede desencadenar una denegaci\u00f3n de servicio en aplicaciones que utilizan versiones vulnerables de quinn al enviar un paquete QUIC Initial manipulado que contiene par\u00e1metros de transporte QUIC malformados. En la l\u00f3gica de an\u00e1lisis de quinn-proto, los varints controlados por el atacante se decodifican con unwrap(), por lo que las codificaciones truncadas causan Err(UnexpectedEnd) y p\u00e1nico. Esto es alcanzable a trav\u00e9s de la red con un solo paquete y sin confianza o autenticaci\u00f3n previa. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.11.14."}], "lastModified": "2026-03-11T13:52:47.683", "sourceIdentifier": "security-advisories@github.com"}