Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-3gdg-wj5w-kqe8

Summary

Remote Denial of Service Vulnerability in Microsoft QUIC
### Impact
The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.

### Patches
The following patch was made:

 - Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9

### Workarounds
Beyond upgrading to the patched versions, there is no other workaround.

### MSRC CVE Info
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

Aliases

alias	GHSA-2x7m-gf85-3745

Fixed_packages

Affected_packages

url pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@1.8.0

purl pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@1.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3gdg-wj5w-kqe8

vulnerability	VCID-nbrm-hm8z-63h9

vulnerability	VCID-yc75-kr14-auh5

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@1.8.0

url pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.0

purl pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3gdg-wj5w-kqe8

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.0

url pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.3.0

purl pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3gdg-wj5w-kqe8

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.3.0

url pkg:nuget/Microsoft.Native.Quic.MsQuic.Schannel@2.2.0

purl pkg:nuget/Microsoft.Native.Quic.MsQuic.Schannel@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3gdg-wj5w-kqe8

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.Schannel@2.2.0

url pkg:nuget/Microsoft.Native.Quic.MsQuic.Schannel@2.3.0

purl pkg:nuget/Microsoft.Native.Quic.MsQuic.Schannel@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3gdg-wj5w-kqe8

resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.Schannel@2.3.0

References

reference_url

https://github.com/microsoft/msquic

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/microsoft/msquic

reference_url

https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9

reference_url

https://github.com/microsoft/msquic/commit/933f7b79949bc588945672396d70b661143bb8f0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/microsoft/msquic/commit/933f7b79949bc588945672396d70b661143bb8f0

reference_url

https://github.com/microsoft/msquic/security/advisories/GHSA-2x7m-gf85-3745

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/microsoft/msquic/security/advisories/GHSA-2x7m-gf85-3745

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

reference_url

https://github.com/advisories/GHSA-2x7m-gf85-3745

reference_id

GHSA-2x7m-gf85-3745

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2x7m-gf85-3745

Weaknesses

cwe_id	401
name	Missing Release of Memory after Effective Lifetime
description	The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3gdg-wj5w-kqe8

Vulnerability Instance