CVE-2024-45396: Quicly assertion failures
Published Oct 11, 2024
·Updated
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit 2a95896104901589c495bc41460262e64ffcad5c.
Affected Software
1 affected component
Dena Quicly<2024-10-10
Remediation
Event History
Oct 11, 2024
CVE Published
via MITRE·02:36 PM
Data Sourced
via MITRE·02:36 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·03:15 PM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2024-45396?
CVE-2024-45396 is categorized as a denial-of-service vulnerability.
2
How do I fix CVE-2024-45396?
To fix CVE-2024-45396, upgrade Dena Quicly to a version later than the commit d720707.
3
What kind of attack can be executed using CVE-2024-45396?
CVE-2024-45396 allows a remote attacker to initiate a denial-of-service attack that can crash the process using quicly.
4
Which versions of Quicly are affected by CVE-2024-45396?
Quicly versions up to and including the commit d720707 are affected by CVE-2024-45396.
5
Who is the vendor associated with CVE-2024-45396?
The vendor associated with CVE-2024-45396 is Dena.