NRDAX
Submit

← registry

NRDAX-T0185 - Out-Of-Order Stream Reassembly OOM

memory_amp · active · first seen 2026-07-10

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

quinn-proto out-of-order stream reassembly memory exhaustion (GHSA-4w2j-m93h-cj5j / RUSTSEC-2026-0185, CVSS 7.5 AV:N/AC:L/PR:N/UI:N/A:H, CWE-770; affected quinn-proto < 0.11.15, fixed 0.11.15). An una

instances (1)

chainprimitivefidelityoriginreproducer (bundle)source
quic quinn_gap_fragment_reassembly_oom lab reverse-engineered-cve quinn_gap_fragment_reassembly_oom GHSA-4w2j-m93h-cj5j (https://github.com/advisories/GHSA-4w2j-m93h-cj5j) / RUSTSEC-2026-0185 (https://rustsec.org/advisories/RUSTSEC-2026-0185.html) — quinn-proto: remote memory exhaustion from unbounded out-of-order stream reassembly. The per-stream `Assembler` retains out-of-order received STREAM data until a contiguous prefix can be delivered; a peer sending many small STREAM fragments at gapped (non-contiguous) offsets forces un-coalescible entries whose per-fragment overhead grows without bound while never becoming deliverable.

related (memory_amp)

cite

https://nrdax.com/techniques/NRDAX-T0185

plain

NRDAX Registry. Technique NRDAX-T0185.

bibtex
@misc{nrdax_NRDAX_T0185,
  title = {Out-Of-Order Stream Reassembly OOM (NRDAX-T0185)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0185},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0185",
  "type": "dataset",
  "title": "Out-Of-Order Stream Reassembly OOM (NRDAX-T0185)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0185",
  "publisher": "NRDAX Registry"
}