HIGH 7.5 NuGet
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
GHSA-xh5m-8qqp-c5x7 · BIT-dotnet-2023-38171 · BIT-dotnet-sdk-2023-38171 · CVE-2023-38171
Published · Modified
Description
Impact
The MsQuic server application or process will crash, resulting in a denial of service.
Patches
The following patch was made:
- Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343
Workarounds
Beyond upgrading to the patched versions, there is no other workaround. You must upgrade or disable MsQuic functionality.
References
- WEB https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-38171
- WEB https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343
- PACKAGE https://github.com/microsoft/msquic
- WEB https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171
Ready to move
Start Securing
Free, no credit card | First findings in minutes