Description
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
INFO
Published Date :
2026-03-10T21:04:36.812Z
Last Modified :
2026-03-11T15:19:29.150Z
Source :
GitHub_M
AFFECTED PRODUCTS
The following products are affected by CVE-2026-31812 vulnerability.
| Vendors | Products |
|---|---|
| Quinn-rs |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31812.
