quinn-proto

crates.io3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting quinn-protopage 1 of 1

CVE-2023-42805HIGHCVSS 7.5EG 7.5✓ Fixed in 0.10.5
2023-09-21
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
CVE-2024-45311HIGHCVSS 7.5EG 7.5✓ Fixed in 0.11.7
2024-09-02
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `…
CVE-2026-31812NONECVSS 0.0EG 0.0✓ Fixed in 0.11.14
2026-03-10
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a cr…

Check whether quinn-proto is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for quinn-proto CVEs against the assets you own.

Start Free Scan →