Security Bulletin
[Medium] Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions
Security Bulletin · Severity: Medium · CVSS: 5.6 · CVE-2026-11941 · GHSA-mh64-ph39-mrc9
Vulnerability Summary
Impact
Cloudflare Quiche was affected by two use-after-free vulnerabilities in the connection ID iterator FFI functions.
The quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions return a pointer to a ConnectionId to the application through an output argument, but the owned ConnectionId that the pointer refers to is dropped when the function's scope ends. The caller is therefore handed a pointer to freed memory, and any read through it is a use-after-free.
Only applications that call those FFI functions are affected. The FFI API is disabled by default and must be enabled with a build-time feature flag.
quiche 0.29.2 is the earliest version containing the fix for this issue.
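The following is an added illustration of the bug shape described above. It is not quiche's code and does not reproduce quiche's actual fix; the type and function names (ConnectionId, ConnectionIdIter, iter_next_dangling, iter_next, points_into_iter, collect_ids) are simplified stand-ins chosen for this example, and the sample IDs are constructed. The vulnerable variant clones the next ID into a local, writes the local's address through the out-parameter and then drops the local on return; the hardened variant hands out a pointer into storage the iterator itself owns, so the pointer is valid for as long as the iterator is.

```rust
// Added example: a minimal model of the advisory's bug class. Names are
// stand-ins, not quiche's real API, and the fix shown is one illustrative
// pattern rather than the project's own change.

/// Stand-in for quiche's ConnectionId: an owned byte buffer.
#[derive(Clone, Debug, PartialEq)]
pub struct ConnectionId(pub Vec<u8>);

/// Stand-in for the iterator state that is handed to C callers.
pub struct ConnectionIdIter {
    ids: Vec<ConnectionId>,
    pos: usize,
}

impl ConnectionIdIter {
    pub fn new(ids: Vec<ConnectionId>) -> Self {
        ConnectionIdIter { ids, pos: 0 }
    }
}

/// VULNERABLE pattern: the next ID is copied into a local, the address of
/// that local is written through `out`, and the local is dropped on return.
/// The pointer the caller receives is dangling.
///
/// # Safety
/// `out` must be a valid pointer. The value written to `*out` must never be
/// dereferenced; it exists here only to show the bug shape.
pub unsafe fn iter_next_dangling(iter: &mut ConnectionIdIter, out: *mut *const ConnectionId) -> bool {
    if iter.pos >= iter.ids.len() {
        return false;
    }
    let cid: ConnectionId = iter.ids[iter.pos].clone(); // owned, scoped to this call
    iter.pos += 1;
    *out = &cid as *const ConnectionId; // address of a stack local escapes
    true
} // `cid` is dropped here: `*out` now points at freed memory

/// HARDENED pattern: point at storage the iterator itself owns, so the
/// pointer stays valid until the iterator is freed or advanced past it.
///
/// # Safety
/// `out` must be a valid pointer. `*out` is valid for the iterator's lifetime.
pub unsafe fn iter_next(iter: &mut ConnectionIdIter, out: *mut *const ConnectionId) -> bool {
    if iter.pos >= iter.ids.len() {
        return false;
    }
    *out = &iter.ids[iter.pos] as *const ConnectionId;
    iter.pos += 1;
    true
}

/// True when `p` points at one of the IDs the iterator owns, i.e. at memory
/// that is still live from the caller's point of view.
pub fn points_into_iter(iter: &ConnectionIdIter, p: *const ConnectionId) -> bool {
    iter.ids.iter().any(|id| std::ptr::eq(id, p))
}

/// What a C-style caller does with the hardened API: walk the iterator and
/// copy out each ID's bytes.
pub fn collect_ids(iter: &mut ConnectionIdIter) -> Vec<Vec<u8>> {
    let mut out = Vec::new();
    let mut p: *const ConnectionId = std::ptr::null();
    // SAFETY: `p` is written by iter_next and points into `iter`, which is
    // alive for the whole loop.
    while unsafe { iter_next(iter, &mut p) } {
        out.push(unsafe { (*p).0.clone() });
    }
    out
}

/// Constructed sample input for the example (not real connection IDs).
pub fn sample_ids() -> Vec<ConnectionId> {
    vec![
        ConnectionId(vec![0x01, 0x02, 0x03, 0x04]),
        ConnectionId(vec![0xaa, 0xbb]),
    ]
}

fn main() {
    let mut iter = ConnectionIdIter::new(sample_ids());
    for id in collect_ids(&mut iter) {
        println!("{:02x?}", id);
    }
}
```

The check in points_into_iter is what a reviewer would apply to any FFI accessor that returns a pointer through an out-parameter: the pointee must be owned by something that outlives the call (here the iterator), never by a local of the function itself.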
Affected Components
| Ecosystem | Component | Affected versions | Fixed version |
|---|---|---|---|
| rust | quiche | >= 0.20.0, < 0.29.2 | 0.29.2 |
Remediation
Upgrade quiche to 0.29.2 or later. Until the upgrade is in place, applications that build with the FFI API enabled should not call quiche_connection_id_iter_next or quiche_conn_retired_scid_next, since the pointer they return is already dangling when the call returns.
References
- GitHub Advisory GHSA-mh64-ph39-mrc9
- https://github.com/cloudflare/quiche/security/advisories/GHSA-mh64-ph39-mrc9
- https://nvd.nist.gov/vuln/detail/CVE-2026-11941
This bulletin is compiled from the GitHub Advisory Database (CC-BY-4.0 licensed); the data source is cited above.
© Copyright notice: this article was written/compiled by the author "system". It is provided for security research and study only; do not republish without permission.