GHSA-2x7m-gf85-3745: Remote Denial of Service Vulnerability in Microsoft QUIC
Impact
The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.
Patches
The following patch was made:
- Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9
Workarounds
Beyond upgrading to the patched versions, there is no other workaround.
MSRC CVE Info
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190
References
- github.com/advisories/GHSA-2x7m-gf85-3745
- github.com/microsoft/msquic
- github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9
- github.com/microsoft/msquic/commit/933f7b79949bc588945672396d70b661143bb8f0
- github.com/microsoft/msquic/security/advisories/GHSA-2x7m-gf85-3745
- msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190
Code Behaviors & Features
Detect and mitigate GHSA-2x7m-gf85-3745 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →