Lookup for vulnerable packages by Package URL.

Purl pkg:cargo/quiche@0.19.1
Type cargo
Namespace
Name quiche
Version 0.19.1
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 0.19.2
Latest_non_vulnerable_version 0.24.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-arws-exmk-fkdp
vulnerability_id VCID-arws-exmk-fkdp
summary
Unbounded queuing of path validation messages in cloudflare-quiche
### Impact
quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption.

QUIC path validation ([RFC 9000 Section 8.2](https://datatracker.ietf.org/doc/html/rfc9000#section-8.2)) requires that the recipient of a PATH_CHALLENGE frame respond by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at a slower rate than they are received, leading to storage of path validation data in an unbounded queue.

### Patches
Quiche versions greater than 0.19.0 address this problem.

### References
[CVE-2023-6193](https://www.cve.org/CVERecord?id=CVE-2023-6193)
[RFC 9000 Section 8.2](https://datatracker.ietf.org/doc/html/rfc9000#section-8.2)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6193
reference_id
reference_type
scores
0
value 0.00423
scoring_system epss
scoring_elements 0.62123
published_at 2026-04-04T12:55:00Z
1
value 0.00423
scoring_system epss
scoring_elements 0.6218
published_at 2026-04-21T12:55:00Z
2
value 0.00423
scoring_system epss
scoring_elements 0.62196
published_at 2026-04-18T12:55:00Z
3
value 0.00423
scoring_system epss
scoring_elements 0.62191
published_at 2026-04-16T12:55:00Z
4
value 0.00423
scoring_system epss
scoring_elements 0.62147
published_at 2026-04-13T12:55:00Z
5
value 0.00423
scoring_system epss
scoring_elements 0.62168
published_at 2026-04-12T12:55:00Z
6
value 0.00423
scoring_system epss
scoring_elements 0.62179
published_at 2026-04-11T12:55:00Z
7
value 0.00423
scoring_system epss
scoring_elements 0.62142
published_at 2026-04-08T12:55:00Z
8
value 0.00423
scoring_system epss
scoring_elements 0.62091
published_at 2026-04-07T12:55:00Z
9
value 0.00423
scoring_system epss
scoring_elements 0.6216
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6193
1
reference_url https://datatracker.ietf.org/doc/html/rfc9000#section-8.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://datatracker.ietf.org/doc/html/rfc9000#section-8.2
2
reference_url https://github.com/cloudflare/quiche
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/quiche
3
reference_url https://github.com/cloudflare/quiche/commit/ea7ecf39ae28ab24cf1785c1674dc2e8a076f9ca
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/quiche/commit/ea7ecf39ae28ab24cf1785c1674dc2e8a076f9ca
4
reference_url https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/cloudflare/quiche/security/advisories/GHSA-w3vp-jw9m-f9pm
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6193
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6193
6
reference_url https://github.com/advisories/GHSA-w3vp-jw9m-f9pm
reference_id GHSA-w3vp-jw9m-f9pm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w3vp-jw9m-f9pm
fixed_packages
0
url pkg:cargo/quiche@0.19.1
purl pkg:cargo/quiche@0.19.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/quiche@0.19.1
aliases CVE-2023-6193, GHSA-w3vp-jw9m-f9pm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arws-exmk-fkdp
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/quiche@0.19.1