What is CVE-2023-6193?

CVE-2023-6193 is a medium-severity vulnerability in Cloudflare Quiche, classified under Uncontrolled Resource Consumption. CVSS score: 5.3/10. Published 2023-12-12.

How severe is CVE-2023-6193?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Resource exhaustion in Cloudflare Quiche

CVE-2023-6193

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient o…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.008 (50.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Cloudflare Quiche — versions 0.15.0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

cna@cloudflare.com (Vendor Advisory)
cna@cloudflare.com (Technical Description)

Frequently asked questions

What is CVE-2023-6193?: CVE-2023-6193 is a medium-severity vulnerability in Cloudflare Quiche, classified under Uncontrolled Resource Consumption. CVSS score: 5.3/10. Published 2023-12-12.
How severe is CVE-2023-6193?: Medium severity. CVSS v3 base score is 5.3 out of 10.