Impact
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions.
The quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions would return a pointer to a ConnectionId to the applications via function arguments, but the the owned ConnectionId would be dropped at the end of those functions' scope.
Only applications using those FFI functions are affected. The FFI API is disabled by default by a build-time feature flag.
quiche 0.29.2 is the earliest version containing the fix for this issue.
Impact
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions.
The
quiche_connection_id_iter_nextandquiche_conn_retired_scid_nextfunctions would return a pointer to aConnectionIdto the applications via function arguments, but the the ownedConnectionIdwould be dropped at the end of those functions' scope.Only applications using those FFI functions are affected. The FFI API is disabled by default by a build-time feature flag.
quiche 0.29.2 is the earliest version containing the fix for this issue.