Vulnerability Database
289,599
Total vulnerabilities in the database
Remote Denial of Service Vulnerability in Microsoft QUIC
Impact
The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.
Patches
The following patch was made:
- Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9
Workarounds
Beyond upgrading to the patched versions, there is no other workaround.
MSRC CVE Info
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190
| Software | From | Fixed in |
|---|---|---|
Microsoft.Native.Quic.MsQuic.OpenSSL
|
- | 2.1.12 |
|
Microsoft.Native.Quic.MsQuic.Schannel
|
2.2.0 | 2.2.7 |
|
Microsoft.Native.Quic.MsQuic.Schannel
|
2.3.0 | 2.3.5 |
|
Microsoft.Native.Quic.MsQuic.Schannel
|
- | 2.1.12 |
|
Microsoft.Native.Quic.MsQuic.OpenSSL
|
2.2.0 | 2.2.7 |
|
Microsoft.Native.Quic.MsQuic.OpenSSL
|
2.3.0 | 2.3.5 |
- https://github.com/microsoft/msquic/commit/5d070d661c45979946615289e92bb6b822efe9e9
- https://github.com/microsoft/msquic/commit/933f7b79949bc588945672396d70b661143bb8f0
- https://github.com/microsoft/msquic/security/advisories/GHSA-2x7m-gf85-3745
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190