Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-18gf-znwv-aubu

Summary

QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
An attacker can cause its peer to run out of memory by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRE_CONNECTION_ID frame. The attacker can prevent the receiver from sending out (the vast majority of) these RETIRE_CONNECTION_ID frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate.

I published a more detailed description of the attack and its mitigation in this blog post: https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management/.
I also presented this attack in the IETF QUIC working group session at IETF 119: https://youtu.be/JqXtYcZAtIA?si=nJ31QKLBSTRXY35U&t=3683

There's no way to mitigate this attack, please update quic-go to a version that contains the fix.

Aliases

alias	CVE-2024-22189

alias	GHSA-c33x-xqrf-c478

Fixed_packages

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/kubo@0.28.0-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/kubo@0.28.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-1?distro=trixie
purl	pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-1%3Fdistro=trixie

url	pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-2~bpo12%2B1
purl	pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-2~bpo12%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.46.0-2~bpo12%252B1

url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2?distro=trixie

purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-apqf-t7ew-5fgw

vulnerability	VCID-qatc-a78d-8ufh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2%3Fdistro=trixie

url	pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2?distro=trixie
purl	pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2%3Fdistro=trixie

url	pkg:golang/github.com/quic-go/quic-go@0.42.0
purl	pkg:golang/github.com/quic-go/quic-go@0.42.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/quic-go/quic-go@0.42.0

Affected_packages

url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1

purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18gf-znwv-aubu

vulnerability	VCID-3vjt-1se3-rbhc

vulnerability	VCID-apqf-t7ew-5fgw

vulnerability	VCID-qatc-a78d-8ufh

vulnerability	VCID-tw5q-cn78-vyda

vulnerability	VCID-u6kw-zxc9-q7gg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1

url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1?distro=trixie

purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18gf-znwv-aubu

vulnerability	VCID-3vjt-1se3-rbhc

vulnerability	VCID-apqf-t7ew-5fgw

vulnerability	VCID-qatc-a78d-8ufh

vulnerability	VCID-tw5q-cn78-vyda

vulnerability	VCID-u6kw-zxc9-q7gg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1%3Fdistro=trixie

url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1?distro=trixie

purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18gf-znwv-aubu

vulnerability	VCID-3vjt-1se3-rbhc

vulnerability	VCID-apqf-t7ew-5fgw

vulnerability	VCID-qatc-a78d-8ufh

vulnerability	VCID-tw5q-cn78-vyda

vulnerability	VCID-u6kw-zxc9-q7gg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1%3Fdistro=trixie

url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1

purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18gf-znwv-aubu

vulnerability	VCID-3vjt-1se3-rbhc

vulnerability	VCID-apqf-t7ew-5fgw

vulnerability	VCID-qatc-a78d-8ufh

vulnerability	VCID-tw5q-cn78-vyda

vulnerability	VCID-u6kw-zxc9-q7gg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1

url pkg:rpm/redhat/receptor@1.4.9-2?arch=el9ap

purl pkg:rpm/redhat/receptor@1.4.9-2?arch=el9ap

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18gf-znwv-aubu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.4.9-2%3Farch=el9ap

url pkg:rpm/redhat/receptor@1.4.9-2?arch=el8ap

purl pkg:rpm/redhat/receptor@1.4.9-2?arch=el8ap

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18gf-znwv-aubu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/receptor@1.4.9-2%3Farch=el8ap

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22189.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22189.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-22189

reference_id

reference_type

scores

value	0.00066
scoring_system	epss
scoring_elements	0.20629
published_at	2026-04-04T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20407
published_at	2026-04-21T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2041
published_at	2026-04-18T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2042
published_at	2026-04-13T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20475
published_at	2026-04-12T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.2052
published_at	2026-04-11T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20496
published_at	2026-04-09T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20438
published_at	2026-04-08T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20572
published_at	2026-04-02T12:55:00Z

value	0.00066
scoring_system	epss
scoring_elements	0.20357
published_at	2026-04-07T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.2522
published_at	2026-04-29T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25274
published_at	2026-04-24T12:55:00Z

value	0.00089
scoring_system	epss
scoring_elements	0.25265
published_at	2026-04-26T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-22189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22189

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/quic-go/quic-go

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quic-go/quic-go

reference_url

https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T14:56:31Z/

url

https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c85ed47a

reference_url

https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T14:56:31Z/

url

https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-22189

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-22189

reference_url

https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T14:56:31Z/

url

https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-management

reference_url

https://www.youtube.com/watch?v=JqXtYcZAtIA&t=3683s

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-09T14:56:31Z/

url

https://www.youtube.com/watch?v=JqXtYcZAtIA&t=3683s

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072180
reference_id	1072180
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072180

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2273513
reference_id	2273513
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2273513

reference_url	https://access.redhat.com/errata/RHSA-2024:4144
reference_id	RHSA-2024:4144
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4144

reference_url	https://access.redhat.com/errata/RHSA-2024:5094
reference_id	RHSA-2024:5094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5094

reference_url	https://access.redhat.com/errata/RHSA-2024:8534
reference_id	RHSA-2024:8534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8534

reference_url	https://access.redhat.com/errata/RHSA-2025:15847
reference_id	RHSA-2025:15847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15847

Weaknesses

cwe_id	400
name	Uncontrolled Resource Consumption
description	The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

cwe_id	770
name	Allocation of Resources Without Limits or Throttling
description	The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18gf-znwv-aubu

Vulnerability Instance