{ "threat_severity" : "Important", "public_date" : "2026-03-10T21:04:36Z", "bugzilla" : { "description" : "quinn-proto: quinn-proto: Denial of Service via crafted QUIC Initial packet", "id" : "2446330", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2446330" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-248", "details" : [ "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.", "A flaw was found in quinn-proto, a pure-Rust implementation of the IETF QUIC transport protocol. A remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication." ], "statement" : "The availability impact of this flaw is limited to specific services on Red Hat systems. Host system availability is not at risk.", "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13545", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/lightspeed-chatbot-rhel9:1777398576" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-05-20T00:00:00Z", "advisory" : "RHSA-2026:19712", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-model-registry-job-async-upload-rhel9:1778596806" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.3", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5459", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9", "package" : "rhtas/tuffer-rhel9:1773307309" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.3", "release_date" : "2026-03-23T00:00:00Z", "advisory" : "RHSA-2026:5459", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9", "package" : "rhtas/tuftool-rhel9:1773307309" } ], "package_state" : [ { "product_name" : "Confidential Compute Attestation", "fix_state" : "Affected", "package_name" : "build-of-trustee/trustee-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Affected", "package_name" : "confidential-compute-attestation-tech-preview/trustee-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Not affected", "package_name" : "openshift-sandboxed-containers/osc-monitor-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Not affected", "package_name" : "openshift-sandboxed-containers/osc-operator-bundle", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Affected", "package_name" : "openshift-sandboxed-containers/osc-podvm-builder-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Affected", "package_name" : "openshift-sandboxed-containers/osc-podvm-payload-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Not affected", "package_name" : "openshift-sandboxed-containers/osc-rhel9-operator", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/fluentd-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/logging-view-plugin-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Will not fix", "package_name" : "clevis-pin-trustee", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "rust", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "trustee", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "virt-firmware-rs", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "rust-toolset:rhel8/rust", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "clevis-pin-trustee", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "rust", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rust", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-fms-guardrails-orchestrator-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "kata-containers", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Update Service", "fix_state" : "Not affected", "package_name" : "openshift-update-service/openshift-update-service-rhel8", "cpe" : "cpe:/a:redhat:openshift_update_service:5" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Not affected", "package_name" : "rhtpa/rhtpa-trustification-service-rhel9", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31812\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31812\nhttps://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98" ], "name" : "CVE-2026-31812", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }