quic-go, Denial-of-Service, CVE-2024-50342 (Critical)

How the CVE Works

In the standard QUIC handshake, a client uses three encryption key phases: Initial, Handshake, and 1-RTT. The client discards Initial keys after sending its first Handshake packet and discards Handshake keys upon receiving the server’s HANDSHAKE_DONE frame, which marks handshake completion. To handle network packet reordering, the client queues packets for a higher encryption level until the necessary keys are derived. An assertion in the code ensures that no packets remain queued after the handshake finishes.

A malicious server can exploit this by sending a HANDSHAKE_DONE frame prematurely, before the handshake is cryptographically complete. This violates the protocol state machine and causes the client to drop Handshake keys before Initial keys. If an Initial packet then arrives and gets queued, the assertion fails because a packet was queued after the handshake was supposedly done. The resulting panic crashes the client process, a denial of service.

DailyCVE Form

Platform: quic-go
Version: < v0.49.1, v0.50.0-v0.54.0
Vulnerability: DoS via assertion
Severity: Critical
Date: 2024

Prediction: 2024-11-15

What Undercode Say:

git clone https://github.com/quic-go/quic-go
cd quic-go
git log --oneline --grep="5354"

// The assertion that fails
func (s session) tryQueueingPacket( /* ... */ ) {
    // ...
    if s.handshakeComplete {
        panic("handshake already completed")
    }
    // ...
}

How Exploit:

A malicious server sends a premature HANDSHAKE_DONE frame during the client handshake, triggering a state violation and an assertion panic.

Protection from this CVE

Upgrade to v0.49.1, v0.54.1, or v0.55.0+. The fix discards Initial keys upon receiving any HANDSHAKE_DONE frame, making the client resilient to this protocol violation.
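
To check whether a client project still pins an affected release, the version ranges listed on this page can be applied to the quic-go entry in its go.mod. The following is an added example, not code from quic-go or from the original post; the function names and the sample go.mod text are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const quicGo = "github.com/quic-go/quic-go"

// classify maps a quic-go version to "affected", "fixed" or "review" using
// the ranges on this page: affected < v0.49.1 and v0.50.0 through v0.54.0.
func classify(v string) string {
	core, _, pre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var major, minor, patch int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &major, &minor, &patch); err != nil {
		return "review" // not a plain version, e.g. the target of a replace directive
	}
	switch {
	case major > 0:
		return "fixed"
	case pre && minor <= 55:
		// Pre-release and pseudo-versions sort before the release they name,
		// so the ranges cannot tell whether they contain the fix.
		return "review"
	case minor < 49, minor == 49 && patch < 1, // below v0.49.1
		minor >= 50 && minor < 54, minor == 54 && patch == 0: // v0.50.0 to v0.54.0
		return "affected"
	}
	return "fixed"
}

// scanGoMod returns the quic-go version named in go.mod text and its status,
// or two empty strings when the module is not listed.
func scanGoMod(gomod string) (version, status string) {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(line)
		for i, tok := range f {
			if tok == quicGo && i+1 < len(f) {
				return f[i+1], classify(f[i+1])
			}
		}
	}
	return "", ""
}

// Constructed sample input, not taken from a real project.
const sampleGoMod = "module example.test/client\n\ngo 1.22\n\nrequire (\n\tgithub.com/quic-go/quic-go v0.54.0\n\tgolang.org/x/net v0.30.0 // indirect\n)\n"

func main() {
	fmt.Println(scanGoMod(sampleGoMod))
}
```

A "review" result means the entry needs a manual look, for example a pseudo-version or a replaced module, because the listed ranges cannot decide it.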

Impact:

Client crash, denial-of-service, no authentication required.

Sources:

Reported By: github.com