{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29036?format=json","vulnerability_id":"VCID-s9za-jdcy-fkbc","summary":"quiche connection ID retirement can trigger an infinite loop\n## Impact\n\nCloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames.\n\nQUIC connections possess a set of connection identifiers (IDs); see [Section 5.1 of RFC 9000](https://datatracker.ietf.org/doc/html/rfc9000#section-5.1). Once the QUIC handshake completes, a local endpoint is responsible for issuing and retiring Connection IDs that are used by the remote peer to populate the Destination Connection ID field in packets sent from remote to local. Each Connection ID has a sequence number to ensure synchronization between peers\n\nAn unauthenticated remote attacker can exploit this vulnerability by first completing a handshake and then sending a specially-crafted set of frames that trigger a connection ID retirement in the victim. When the victim attempts to send a packet containing RETIRE_CONNECTION_ID frames, [Section 19.16 of RFC 9000](https://datatracker.ietf.org/doc/html/rfc9000#section-19.16) requires that the sequence number of the retired connection ID must not be the same as the sequence number of the connection ID used by the packet. In other words, a packet cannot contain a frame that retires itself.  In scenarios such as path migration, it is possible for there to be multiple active paths with different active connection IDs that could be used to retire each other. The exploit triggered an unintentional behaviour of a quiche design feature that supports retirement across paths while maintaining full connection ID  synchronization, leading to an infinite loop.\n\n## Patches\n\nquiche 0.24.5 is the earliest version containing the fix for the issue","aliases":[{"alias":"CVE-2025-7054"},{"alias":"GHSA-m3hh-f9gh-74c2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/963119?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/963118?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=ppc64le&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/963120?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=s390x&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=s390x&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/963116?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=armv7&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/963122?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86_64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=x86_64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/963117?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/963121?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=x86&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=x86&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/963114?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=aarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=aarch64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/963115?format=json","purl":"pkg:apk/alpine/dnsdist@1.9.11-r0?arch=armhf&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@1.9.11-r0%3Farch=armhf&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403611?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415842?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armv7&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403604?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=aarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403608?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=ppc64le&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403612?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86_64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415840?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415841?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armhf&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415847?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415848?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=x86_64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=x86_64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415843?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403605?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armhf&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403606?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=armv7&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403607?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=loongarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=loongarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415844?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=ppc64le&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415845?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/415846?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=s390x&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403609?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=riscv64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=riscv64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/403610?format=json","purl":"pkg:apk/alpine/dnsdist@2.0.1-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/dnsdist@2.0.1-r0%3Farch=s390x&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1026019?format=json","purl":"pkg:cargo/quiche@0.24.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/quiche@0.24.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/581651?format=json","purl":"pkg:cargo/quiche@0.15.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-arws-exmk-fkdp"},{"vulnerability":"VCID-s9za-jdcy-fkbc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:cargo/quiche@0.15.0"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7054","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09242","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09156","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09206","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0913","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.0921","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09239","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10384","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10255","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10406","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10358","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10227","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13011","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12875","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.12979","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23239","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23024","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23107","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23181","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23143","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2316","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7054"},{"reference_url":"https://github.com/cloudflare/quiche","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cloudflare/quiche"},{"reference_url":"https://github.com/cloudflare/quiche/security/advisories/GHSA-m3hh-f9gh-74c2","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-07T15:52:05Z/"}],"url":"https://github.com/cloudflare/quiche/security/advisories/GHSA-m3hh-f9gh-74c2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7054","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7054"},{"reference_url":"https://github.com/advisories/GHSA-m3hh-f9gh-74c2","reference_id":"GHSA-m3hh-f9gh-74c2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3hh-f9gh-74c2"}],"weaknesses":[{"cwe_id":835,"name":"Loop with Unreachable Exit Condition ('Infinite Loop')","description":"The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9za-jdcy-fkbc"}