Dear all, We released details about a class of attacks affecting several QUIC implementations. This issue relates to collisions in the hash tables used to store Connection IDs, which can lead to denial-of-service.
The coordinated disclosure date was yesterday, and all the affected implementations are now patched. Details about the attack as well as the vulnerable implementations can be found at https://github.com/ncc-pbottine/QUIC-Hash-Dos-Advisory. If you need further technical details feel free to reach out to me directly. Thank you to Lucas Pardue, QUIC WG co-chair, who helped coordinate the disclosure process. Best regards, Paul Bottinelli -- Paul Bottinelli Technical Director, Cryptography Services Practice NCC Group, Waterloo, ON, Canada ________________________________ Paul Bottinelli Technical Director NCC Group 7 Father David Bauer Drive, Suite 100, Waterloo, N2L 0A2 Website: www.nccgroup.com<http://www.nccgroup.com> Twitter: @NCCGroupPLC<https://twitter.com/NCCGroupPLC> [https://www.nccgroup.com/static-a/img/logos/logo-nccgroup-blue.svg] <http://www.nccgroup.com/> ________________________________ This email is sent for and on behalf of NCC Group. NCC Group is the trading name of NCC Services Limited (Registered in England CRN: 2802141). The ultimate holding company is NCC Group plc (Registered in England CRN: 4627044). This email may be confidential and/or legally privileged.
