FKIE_CVE-2025-4820

Vulnerability from fkie_nvd - Published: 2025-06-18 16:15 - Updated: 2025-11-06 22:21
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. Patches quiche 0.24.4 is the earliest version containing the fix for this issue.
References
cna@cloudflare.comhttps://github.com/cloudflare/quiche/security/advisories/GHSA-2v9p-3p3h-w56jVendor Advisory
Impacted products
Vendor Product Version
cloudflare quiche *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cloudflare:quiche:*:*:*:*:*:rust:*:*",
              "matchCriteriaId": "8DAD3DB7-C853-47F1-91E3-BB4B1238498C",
              "versionEndExcluding": "0.24.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Impact\n\nCloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.\n\nAn unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim\u0027s congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support.\n\n\n\nPatches\n\n\nquiche 0.24.4 is the earliest version containing the fix for this issue."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 que Quiche de Cloudflare era vulnerable a un crecimiento incorrecto de la ventana de congesti\u00f3n, lo que podr\u00eda provocar que enviara datos a una velocidad superior a la que la ruta realmente admite. Un atacante remoto no autenticado puede explotar esta vulnerabilidad completando primero un protocolo de enlace e iniciando una transferencia de datos controlada por congesti\u00f3n hacia s\u00ed mismo. Posteriormente, podr\u00eda manipular el estado de control de congesti\u00f3n de la v\u00edctima enviando tramas ACK, lo que implica un ataque ACK oportunista (v\u00e9ase RFC 9000, secci\u00f3n 21.4). La v\u00edctima podr\u00eda aumentar la ventana de congesti\u00f3n m\u00e1s all\u00e1 de lo esperado y permitir m\u00e1s bytes en tr\u00e1nsito de los que la ruta realmente admite. La versi\u00f3n 0.24.4 de Quiche es la m\u00e1s reciente que corrige este problema."
    }
  ],
  "id": "CVE-2025-4820",
  "lastModified": "2025-11-06T22:21:14.647",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cna@cloudflare.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-18T16:15:28.403",
  "references": [
    {
      "source": "cna@cloudflare.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-2v9p-3p3h-w56j"
    }
  ],
  "sourceIdentifier": "cna@cloudflare.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "cna@cloudflare.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.