Revamping the quic-go API: Transitioning from Interfaces to Structs| Hello, I am Marten Seemann.
How IP fragmentation works and why it is important for QUIC| Hello, I am Marten Seemann.
Using QUIC to achieve everything needed for NAT traversal, from address discovery to proxying UDP| Posts on
QUIC’s connection ID issuance mechanism is vulnerable to a resource exhaustion attack similar to the recently reported attack against QUIC’s path validation mechanism. I discovered this vulnerability in December 2023 and disclosed it to the IETF QUIC working group. Among 17 QUIC stacks surveyed, 11 were found vulnerable, including my own (quic-go), Cloudflare quiche, Neqo (Mozilla), lsquic (LiteSpeed) and MsQuic (Microsoft). Due to the large number of affected implementations, and the len...| Posts on
QUIC supports connection migration, allowing the client to migrate an established QUIC connection from one path to the other. QUIC’s path validation mechanism can be used to attack the peer and make it consume an unbounded amount of memory. While there have been a number of vulnerabilities in various QUIC implementations, this vulnerability is the first attack against the QUIC protocol itself, i.e. any RFC 9000-compliant implementation is necessarily vulnerable to this attack.| Posts on