PatchSiren

quinn-rs CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH quinn-rs CVE published 2026-03-10

CVE-2026-31812

CVE-2026-31812 is a denial of service vulnerability in Quinn, a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. A remote, unauthenticated attacker can trigger this vulnerability by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. The vulnerability is caused by the quinn-proto parsing logic decoding attacker-controlled varints with unwrap [truncated]