Advisories for Nuget/Microsoft.Native.Quic.MsQuic.OpenSSL package

2024

Remote Denial of Service Vulnerability in Microsoft QUIC

Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9 Workarounds Beyond upgrading to the patched versions, there is no other workaround. MSRC CVE Info https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

2023