fix(deps): patch quinn-proto memory exhaustion vulnerability (RUSTSEC-2026-0185) #35

Open. MaximeGaudin wants to merge 1 commit into main from fix/quinn-proto-rustsec-2026-0185

@MaximeGaudin (Owner)

Summary

  • Bumps quinn-proto 0.11.14 → 0.11.15 (lockfile-only change) to fix RUSTSEC-2026-0185: remote memory exhaustion from unbounded out-of-order stream reassembly (severity: high, CVSS 7.5)
  • Transitive dependency via reqwest → quinn → quinn-proto
  • cargo audit passes clean after the bump (only pre-existing warnings remain: bincode unmaintained, glass_pumpkin yanked)

Test plan

  • cargo audit exits 0 — vulnerability resolved
  • CI passes (format, clippy, test on all 3 OS, MSRV, cargo-deny)

Made with Cursor

…-2026-0185)

Bump quinn-proto 0.11.14 → 0.11.15 to fix remote memory exhaustion
from unbounded out-of-order stream reassembly (severity: high 7.5).

Co-authored-by: Cursor <cursoragent@cursor.com>
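
A lockfile check for the bump described in this PR, as an added example that is not part of the pull request or the project's code: it parses Cargo.lock text, reports any locked quinn-proto version below 0.11.15 and lists the dependency paths that pull the crate in. The sample lockfile is constructed, and treating every version below 0.11.15 as unpatched is an assumption, since the advisory's exact affected range is not given on this page.

```python
import re

# Constructed Cargo.lock excerpt: only the quinn-proto version comes from the PR,
# the quinn and reqwest versions are placeholders.
SAMPLE_LOCK = '''
[[package]]
name = "quinn"
version = "0.0.0"
dependencies = [
 "quinn-proto",
]
[[package]]
name = "quinn-proto"
version = "0.11.14"
[[package]]
name = "reqwest"
version = "0.0.0"
dependencies = [
 "quinn",
]
'''

def parse_lock(text):
    """Map (name, version) -> dependency names for every [[package]] entry."""
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        m = re.search(r'^name = "([^"]+)"\nversion = "([^"]+)"', block, re.M)
        deps = re.search(r"^dependencies = \[(.*?)\]", block, re.M | re.S)
        # Entries are "name" or "name version"; keep only the crate name.
        pkgs[m[1], m[2]] = re.findall(r'"([^" ]+)[^"]*"', deps[1]) if deps else []
    return pkgs

def vtuple(version):
    """'0.11.14' -> (0, 11, 14); pre-release and build suffixes are dropped."""
    return tuple(int(x) for x in re.split(r"[-+]", version)[0].split("."))

def chains(pkgs, target, seen=()):
    """Name-based dependency paths from each top-level crate down to target."""
    ups = sorted({n for (n, _), deps in pkgs.items() if target in deps} - set(seen))
    if not ups:
        return [target]
    return [f"{c} -> {target}" for p in ups for c in chains(pkgs, p, seen + (target,))]

def audit(text, crate="quinn-proto", fixed=(0, 11, 15)):
    """Return (locked versions of crate below fixed, paths that pull crate in)."""
    pkgs = parse_lock(text)
    bad = sorted(v for n, v in pkgs if n == crate and vtuple(v) < fixed)
    return bad, (chains(pkgs, crate) if bad else [])
```

Calling `audit(open("Cargo.lock").read())` on a real lockfile returns an empty version list once the bump is in place; it complements `cargo audit` rather than replacing it.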