HIGH 7.5 NuGet
MsQuic Remote Denial of Service Vulnerability
GHSA-fr44-546p-7xcp · BIT-dotnet-2023-36435 · BIT-dotnet-sdk-2023-36435 · CVE-2023-36435
Published · Modified
Description
Impact
The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.
Patches
The following patch was made:
- Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb
Workarounds
Beyond upgrading to the patched versions, there is no other workaround.
References
- WEB https://github.com/microsoft/msquic/security/advisories/GHSA-fr44-546p-7xcp
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-36435
- WEB https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb
- PACKAGE https://github.com/microsoft/msquic
- WEB https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435
Ready to move
Start Securing
Free, no credit card | First findings in minutes