Microsoft QUIC component DoS via malformed packet
CVE-2023-38171 Published on October 10, 2023
Microsoft QUIC Denial of Service Vulnerability
Microsoft QUIC Denial of Service Vulnerability
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2023-38171
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-38171 are published in these products:
Affected Versions
Microsoft Visual Studio 2022 version 17.2:- Version 17.2.0 and below 17.2.21 is affected.
- Version 17.4.0 and below 17.4.13 is affected.
- Version 17.6.0 and below 17.6.9 is affected.
- Version 17.7.0 and below 17.7.6 is affected.
- Version 10.0.20348.0 and below 10.0.20348.2031 is affected.
- Version 10.0.0 and below 10.0.22000.2538 is affected.
- Version 10.0.22621.0 and below 10.0.22621.2428 is affected.
- Version 7.0.0 and below 7.0.13 is affected.
- Version 7.3.0 and below 7.3.9 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2023-38171
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| nuget | Microsoft.Native.Quic.MsQuic.Schannel | < 2.2.3 | 2.2.3 |
| nuget | Microsoft.Native.Quic.MsQuic.OpenSSL | < 2.2.3 | 2.2.3 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.