Small upgrade for quinn-proto - hotdata-cli #192

Description

@zfarrell

Find more live information in Aikido here: https://app.aikido.dev/repositories/1742119?sidebarIssue=33553903&groupId=77741&sidebarIssueTask=5349715&sidebarTab=tasks

Scope

These issues affect the following code repository:

  • hotdata-cli: Cargo.lock

TLDR

The Assembler component that assembles unordered stream fragments into consecutive chunks of the stream incurs some overhead for non-contiguous fragments. Readers that read from a RecvStream in order (through an AsyncRead impl for example) will be sensitive to peers that send fragments while leaving out early parts of the stream, and in particular, fragments with many gaps (because these cannot be defragmented). In such a scenario, the receiving connection suffers from high buffer overhead, enabling memory exhaustion.
https://security.aikido.dev/cve/AIKIDO-2026-395465

How to fix

Upgrade the quinn-proto library to the patched version.
