NRDAX
Submit

← registry

NRDAX-T0321 - Unbounded Connection ID Storage

memory_amp · active · first seen 2026-07-10

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

quic-go connection-ID memory exhaustion (CVE-2024-22189, GHSA-c33x-xqrf-c478): on an established QUIC connection the attacker floods NEW_CONNECTION_ID frames (type 0x18) with an escalating 'Retire Pri

instances (2)

chainprimitivefidelityoriginreproducer (bundle)source
quic quic_conn_id_memory_exhaustion lab reverse-engineered-cve quic_conn_id_memory_exhaustion CVE-2024-22189 / GHSA-c33x-xqrf-c478 — quic-go < 0.42.0: 'QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack'. https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478
quic quiche_conn_id_retirement_unbounded lab reverse-engineered-cve quiche_conn_id_retirement_unbounded CVE-2024-1410 / GHSA-xhg9-xwch-vr7x — Cloudflare quiche (< 0.19.2; >= 0.20.0, < 0.20.1): 'quiche vulnerable to unbounded storage of information related to connection ID retirement'. https://github.com/advisories/GHSA-xhg9-xwch-vr7x

related (memory_amp)

cite

https://nrdax.com/techniques/NRDAX-T0321

plain

NRDAX Registry. Technique NRDAX-T0321.

bibtex
@misc{nrdax_NRDAX_T0321,
  title = {Unbounded Connection ID Storage (NRDAX-T0321)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0321},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0321",
  "type": "dataset",
  "title": "Unbounded Connection ID Storage (NRDAX-T0321)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0321",
  "publisher": "NRDAX Registry"
}