Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2024-22189 quic-go: memory exhaustion attack #10389

Closed
3 tasks done
bmwiedemann opened this issue Apr 8, 2024 · 1 comment
Closed
3 tasks done

CVE-2024-22189 quic-go: memory exhaustion attack #10389

bmwiedemann opened this issue Apr 8, 2024 · 1 comment
Labels
kind/bug A bug in existing code (including security flaws) need/triage Needs initial labeling and prioritization

Comments

@bmwiedemann
Copy link
Contributor

Checklist

Installation method

built from source

Version

0.27.0

Config

No response

Description

In https://bugzilla.opensuse.org/show_bug.cgi?id=1222479 our security team made me aware of a security issue in the quic-go version used in kubo.
@bmwiedemann bmwiedemann added kind/bug A bug in existing code (including security flaws) need/triage Needs initial labeling and prioritization labels Apr 8, 2024
@Stebalien
Copy link
Member

The just-released v0.28 includes the fix: https://github.com/ipfs/kubo/releases/tag/v0.28.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug A bug in existing code (including security flaws) need/triage Needs initial labeling and prioritization
Projects
No open projects
IPFS Shipyard Team
Status: 🎉 Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Stebalien @bmwiedemann