CVE-2024-53259
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-53259 is a vulnerability affecting the quic-go implementation of the QUIC protocol in Go. An off-path attacker can disrupt QUIC connections by sending an ICMP Packet Too Large packet to manipulate the claimed Maximum Transmission Unit (MTU). Affected versions of quic-go use IP_PMTUDISC_DO, causing the kernel to return an error when attempting to send packets larger than the manipulated ICMP value. This attack can be executed after the completion of the handshake, bypassing any application-layer fallback mechanisms, such as TCP. The attacker must know the client's IP and port tuple to successfully execute the attack. This vulnerability has been addressed in version 0.48.2.
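A dependency check for the fixed release named above, added here as an example and not code from quic-go or from this advisory. The module path `github.com/quic-go/quic-go` and the sample go.mod are assumptions; `replace` directives are not resolved.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumption: quic-go's module path. The fixed release 0.48.2 is from the advisory.
const quicGoModule = "github.com/quic-go/quic-go"
// Constructed sample go.mod, not taken from a real project.
const sampleGoMod = "module example.test/app\n\nrequire (\n\tgithub.com/quic-go/quic-go v0.48.1 // indirect\n)\n"

// requiredVersion returns the quic-go version that a go.mod file requires.
func requiredVersion(gomod string) (string, bool) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		if len(f) > 0 && (f[0] == "require" || f[0] == ")") {
			inBlock, f = len(f) == 2 && f[1] == "(", f[1:] // only "require (" opens a block
		} else if !inBlock {
			continue
		}
		if len(f) >= 2 && f[0] == quicGoModule {
			return f[1], true
		}
	}
	return "", false
}

// affected reports whether v sorts before 0.48.2 (a "v0.48.2-..." pre-release counts as before).
func affected(v string) (bool, error) {
	core, _, pre := strings.Cut(strings.TrimPrefix(v, "v"), "-")
	var got [3]int
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &got[0], &got[1], &got[2]); err != nil {
		return false, fmt.Errorf("unexpected version %q: %w", v, err)
	}
	for i, want := range [3]int{0, 48, 2} { // fixed release from the advisory
		if got[i] != want {
			return got[i] < want, nil
		}
	}
	return pre, nil
}

func main() {
	v, found := requiredVersion(sampleGoMod)
	fmt.Println(v, found)
	fmt.Println(affected(v))
}
```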