Find more live information in Aikido here: https://app.aikido.dev/repositories/1742119?sidebarIssue=33553903&groupId=77741&sidebarIssueTask=5349715&sidebarTab=tasks
Scope
These issues affect the following code repository:
TLDR
The Assembler component that assembles unordered stream fragments into consecutive chunks of the stream incurs some overhead for non-contiguous fragments. Readers that read from a RecvStream in order (through an AsyncRead impl for example) will be sensitive to peers that send fragments while leaving out early parts of the stream, and in particular, fragments with many gaps (because these cannot be defragmented). In such a scenario, the receiving connection suffers from high buffer overhead, enabling memory exhaustion.
https://security.aikido.dev/cve/AIKIDO-2026-395465
How to fix
Upgrade the quinn-proto library to the patch version.