Cloudflare quiche Congestion Control Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Cloudflare quiche versions prior to 0.24.4. The issue arises from incorrect congestion window growth, allowing an unauthenticated remote attacker to send data faster than the network path can support. Exploitation involves completing a handshake and initiating a congestion-controlled data transfer, followed by sending ACK frames that manipulate the victim's congestion control state. This can cause the congestion window to exceed normal limits, potentially leading to an overflow panic.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition by overwhelming the application's congestion control mechanism, leading to a panic due to an overflow.

Remediation

Users can upgrade to Cloudflare quiche version 0.24.4 or later to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

Metric           Score
spread             3.1
impact             2.5
exploitability     8.1
remediation        7.7
relevance          0.2
threat             0.0
urgency            2.9
incentive         10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.