Mozilla neqo Improper Input Validation Vulnerability Leading to Unexploitable Crash
Vulnerability
Mozilla neqo versions 0.4.24 through 0.13.2 contain an improper input validation flaw that results in a crash. The issue arises when a remote server sends a 'DATA_BLOCKED' frame, prompting neqo to respond with a 'MAX_DATA' flow control update. If the value of that update exceeds the maximum allowed by QUIC varint standards, neqo panics; the panic crashes the socket thread and ultimately terminates the main process.
Impact
Exploitation of this vulnerability causes a crash in the neqo process, disrupting the application's operation.
Reproduction
The crash is reproduced when a remote QUIC server sends a 'DATA_BLOCKED' frame that consumes one or more bytes on the connection. neqo then attempts to send a 'MAX_DATA' flow control update with a value larger than the maximum allowed by QUIC varint standards, which leads to a panic and crash.
Remediation
Users can upgrade to neqo version 0.13.3 or later to address this vulnerability.
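The following is an added example, not code from neqo and not a description of how 0.13.3 fixes the issue. It shows the general defensive pattern for this bug class: a varint encoder that returns an error instead of panicking, and a MAX_DATA limit that saturates at the varint ceiling. All function names are hypothetical, and computing the limit as consumed bytes plus a window is an assumption made for illustration.

```rust
// Added illustration; not neqo's code. All names here are hypothetical.

/// Largest value a QUIC variable-length integer can carry (RFC 9000, section 16).
pub const VARINT_MAX: u64 = (1 << 62) - 1;

/// Encode `v` as a QUIC varint, returning an error instead of panicking
/// when the value does not fit.
pub fn encode_varint(v: u64) -> Result<Vec<u8>, &'static str> {
    // The two high bits of the first byte carry the length prefix.
    let (len, prefix): (usize, u8) = match v {
        0..=0x3f => (1, 0b00),
        0x40..=0x3fff => (2, 0b01),
        0x4000..=0x3fff_ffff => (4, 0b10),
        0x4000_0000..=VARINT_MAX => (8, 0b11),
        _ => return Err("value exceeds QUIC varint range"),
    };
    let mut out = v.to_be_bytes()[8 - len..].to_vec();
    out[0] |= prefix << 6;
    Ok(out)
}

/// Compute the next MAX_DATA limit (assumed here to be bytes consumed plus
/// the receive window), saturating at VARINT_MAX so it is always encodable.
pub fn next_max_data(consumed: u64, window: u64) -> u64 {
    consumed.saturating_add(window).min(VARINT_MAX)
}

/// Build a MAX_DATA frame (frame type 0x10) for the given state.
pub fn max_data_frame(consumed: u64, window: u64) -> Result<Vec<u8>, &'static str> {
    let mut frame = vec![0x10];
    frame.extend(encode_varint(next_max_data(consumed, window))?);
    Ok(frame)
}

fn main() {
    // Constructed inputs: a window already at the varint ceiling, one byte consumed.
    let unclamped = 1u64 + VARINT_MAX; // what an unchecked sum would produce
    println!("unclamped encode: {:?}", encode_varint(unclamped));
    println!("clamped frame:    {:02x?}", max_data_frame(1, VARINT_MAX));
}
```

The point for reviewers is that any arithmetic feeding a varint field on a path reachable from peer input should either be clamped or propagate an error, never reach an assertion.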
