Advisories for Cargo/Quinn-Proto package

A remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication.

As of quinn-proto 0.11, it is possible for a server to accept(), retry(), refuse(), or ignore() an Incoming connection. However, calling retry() on an unvalidated connection exposes the server to a likely panic in the following situations: Calling refuse or ignore on the resulting validated connection, if a duplicate initial packet is received This issue can go undetected until a server's refuse()/ignore() code path is exercised, such as to stop …

Receiving unknown QUIC frames in a QUIC packet could result in a panic.