{"url":"http://public2.vulnerablecode.io/api/packages/626198?format=json","purl":"pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@1.8.0","type":"nuget","namespace":"","name":"Microsoft.Native.Quic.MsQuic.OpenSSL","version":"1.8.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16926?format=json","vulnerability_id":"VCID-3gdg-wj5w-kqe8","summary":"Remote Denial of Service Vulnerability in Microsoft QUIC\n### Impact\nThe MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.\n\n### Patches\nThe following patch was made:\n\n - Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9\n\n### Workarounds\nBeyond upgrading to the patched versions, there is no other workaround.\n\n### MSRC CVE Info\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190","references":[{"reference_url":"https://github.com/microsoft/msquic","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic"},{"reference_url":"https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9"},{"reference_url":"https://github.com/microsoft/msquic/commit/933f7b79949bc588945672396d70b661143bb8f0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic/commit/933f7b79949bc588945672396d70b661143bb8f0"},{"reference_url":"https://github.com/microsoft/msquic/security/advisories/GHSA-2x7m-gf85-3745","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic/security/advisories/GHSA-2x7m-gf85-3745"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190"},{"reference_url":"https://github.com/advisories/GHSA-2x7m-gf85-3745","reference_id":"GHSA-2x7m-gf85-3745","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2x7m-gf85-3745"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56579?format=json","purl":"pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.1.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/56584?format=json","purl":"pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/56585?format=json","purl":"pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.3.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.3.5"}],"aliases":["GHSA-2x7m-gf85-3745"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3gdg-wj5w-kqe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19336?format=json","vulnerability_id":"VCID-nbrm-hm8z-63h9","summary":"MsQuic Remote Denial of Service Vulnerability\nMicrosoft QUIC Denial of Service Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36435.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36435.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36435","reference_id":"","reference_type":"","scores":[{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86251","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86241","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.8622","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.8623","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86223","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86207","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86211","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86214","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86199","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86188","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86169","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86168","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02842","scoring_system":"epss","scoring_elements":"0.86153","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.86817","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.86735","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.86753","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.8677","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.86765","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.86778","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0304","scoring_system":"epss","scoring_elements":"0.86808","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36435"},{"reference_url":"https://github.com/microsoft/msquic","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic"},{"reference_url":"https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242805","reference_id":"2242805","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242805"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435","reference_id":"CVE-2023-36435","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:08Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36435","reference_id":"CVE-2023-36435","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36435"},{"reference_url":"https://github.com/advisories/GHSA-fr44-546p-7xcp","reference_id":"GHSA-fr44-546p-7xcp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fr44-546p-7xcp"},{"reference_url":"https://github.com/microsoft/msquic/security/advisories/GHSA-fr44-546p-7xcp","reference_id":"GHSA-fr44-546p-7xcp","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic/security/advisories/GHSA-fr44-546p-7xcp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60405?format=json","purl":"pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.3"}],"aliases":["CVE-2023-36435","GHSA-fr44-546p-7xcp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nbrm-hm8z-63h9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19337?format=json","vulnerability_id":"VCID-yc75-kr14-auh5","summary":"Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel\nMicrosoft QUIC Denial of Service Vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38171.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38171","reference_id":"","reference_type":"","scores":[{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92632","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92629","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92626","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92627","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92615","published_at":"2026-04-12T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92608","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92603","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92585","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08991","scoring_system":"epss","scoring_elements":"0.92591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0987","scoring_system":"epss","scoring_elements":"0.93081","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0987","scoring_system":"epss","scoring_elements":"0.93016","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0987","scoring_system":"epss","scoring_elements":"0.93032","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0987","scoring_system":"epss","scoring_elements":"0.93043","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0987","scoring_system":"epss","scoring_elements":"0.93047","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0987","scoring_system":"epss","scoring_elements":"0.93053","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0987","scoring_system":"epss","scoring_elements":"0.93076","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38171"},{"reference_url":"https://github.com/microsoft/msquic","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic"},{"reference_url":"https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242804","reference_id":"2242804","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2242804"},{"reference_url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171","reference_id":"CVE-2023-38171","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T21:50:15Z/"}],"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38171","reference_id":"CVE-2023-38171","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38171"},{"reference_url":"https://github.com/advisories/GHSA-xh5m-8qqp-c5x7","reference_id":"GHSA-xh5m-8qqp-c5x7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh5m-8qqp-c5x7"},{"reference_url":"https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7","reference_id":"GHSA-xh5m-8qqp-c5x7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60405?format=json","purl":"pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@2.2.3"}],"aliases":["CVE-2023-38171","GHSA-xh5m-8qqp-c5x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yc75-kr14-auh5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.Native.Quic.MsQuic.OpenSSL@1.8.0"}