An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can continuously stream empty datagrams to indefinitely stall the client.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Curl | Haxx | 8.18.0 (including) | 8.21.0 (excluding) |
| Red Hat Hardened Images | RedHat | curl-main-8.21.0-0.1.hum1 | * |
| Red Hat Hardened Images | RedHat | rust-main-1.96.1-1.hum1 | * |
| Curl | Ubuntu | devel | * |
| Curl | Ubuntu | resolute | * |
| Curl | Ubuntu | upstream | * |