Cloudflare Quiche Congestion Control Vulnerability Allowing Excessive Data Transmission

Vulnerability

A vulnerability in Cloudflare Quiche versions prior to 0.24.4 allows the congestion window to grow incorrectly, so that data can be sent faster than the network path can actually carry. An unauthenticated remote attacker can exploit this by completing a handshake and starting a congestion-controlled data transfer. The attacker can then manipulate the victim's congestion control state by sending ACK frames, using the optimistic ACK attack described in RFC 9000 Section 21.4. This manipulation can cause the victim to exceed normal congestion window limits, allowing more bytes in flight than the path can reliably support.
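
The following Rust model is an added illustration, not Quiche's code or the page's own: a simplified QUIC sender whose flawed ACK handler credits the congestion window for every packet number in an ACK range, sent or not, beside a hardened handler that applies the RFC 9000 countermeasures (reject ACK ranges covering unsent or deliberately skipped packet numbers, and credit only packets actually in flight). The flawed handler stands in for the class of defect the advisory describes rather than the specific Quiche code path; the 1200-byte packet size and 12,000-byte initial window are constructed values.

```rust
use std::collections::BTreeSet;
/// Illustrative model of a QUIC sender's congestion state (not quiche's code):
/// cwnd grows by one packet for each newly acknowledged packet, as in slow start.
pub struct Sender {
    pub cwnd: usize,              // congestion window, bytes
    pub pkt_size: usize,          // bytes per packet
    pub next_pn: u64,             // next packet number to assign
    pub in_flight: BTreeSet<u64>, // sent, not yet acknowledged
    pub skipped: BTreeSet<u64>,   // deliberately never sent (RFC 9000 §21.4)
}

#[derive(Debug, PartialEq)]
pub enum Ack { Ok, ProtocolViolation }

impl Sender {
    pub fn new(cwnd: usize, pkt_size: usize) -> Self {
        Sender { cwnd, pkt_size, next_pn: 0, in_flight: BTreeSet::new(), skipped: BTreeSet::new() }
    }
    pub fn send(&mut self) -> u64 {
        self.in_flight.insert(self.next_pn);
        self.next_pn += 1;
        self.next_pn - 1
    }
    /// Burn a packet number without sending it; an ACK covering it proves the peer is guessing.
    pub fn skip_packet_number(&mut self) {
        self.skipped.insert(self.next_pn);
        self.next_pn += 1;
    }
    /// Flawed handling: credits cwnd for every number in the ACK range, sent or not.
    pub fn on_ack_unchecked(&mut self, lo: u64, hi: u64) {
        for pn in lo..=hi { self.in_flight.remove(&pn); self.cwnd += self.pkt_size; }
    }
    /// Hardened handling: an ACK range reaching unsent or skipped numbers is a
    /// PROTOCOL_VIOLATION (RFC 9000 §13.1); only packets actually in flight are
    /// credited, so a duplicate ACK cannot grow cwnd a second time.
    pub fn on_ack_checked(&mut self, lo: u64, hi: u64) -> Ack {
        if hi >= self.next_pn || (lo..=hi).any(|pn| self.skipped.contains(&pn)) {
            return Ack::ProtocolViolation;
        }
        for pn in lo..=hi { if self.in_flight.remove(&pn) { self.cwnd += self.pkt_size; } }
        Ack::Ok
    }
}

/// Constructed scenario: 4 packets sent, peer claims to have received 0..=9.
pub fn demo() -> (usize, usize, Ack) {
    let (mut flawed, mut hardened) = (Sender::new(12_000, 1_200), Sender::new(12_000, 1_200));
    for _ in 0..4 { flawed.send(); hardened.send(); }
    flawed.on_ack_unchecked(0, 9);
    let verdict = hardened.on_ack_checked(0, 9);
    (flawed.cwnd, hardened.cwnd, verdict) // (24_000, 12_000, ProtocolViolation)
}
```

The flawed sender doubles its window on a single forged ACK while the hardened one keeps its window and terminates the connection, which is the observable difference a defender can test for.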

Impact

Exploitation of this vulnerability can disrupt normal data transmission rates, causing potential congestion and inefficiencies in network communication.

Remediation

Users can upgrade to Cloudflare Quiche version 0.24.4 or later to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.