GHSA-rfhg-rjfp-9q8q: Potential denial of service after connection migration

July 24, 2023

An issue in s2n-quic results in the endpoint shutting down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected by this issue, and customers of AWS services do not need to take action.

Impacted versions: <=v1.24.0

References

github.com/advisories/GHSA-rfhg-rjfp-9q8q
github.com/aws/s2n-quic
github.com/aws/s2n-quic/commit/73a814240c5db6fae261a6e4ab567b0b094a35db
github.com/aws/s2n-quic/security/advisories/GHSA-rfhg-rjfp-9q8q

Code Behaviors & Features

Detect and mitigate GHSA-rfhg-rjfp-9q8q with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →