NRDAX
CLI Submit

← registry

NRDAX-T0392 - Invalid UTF-8 Decode Panic

protocol_logic_exploit · active · first seen 2026-07-15

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

The node's qlog logging path assumes the CONNECTION_CLOSE/APPLICATION_CLOSE reason-phrase field is valid UTF-8 and decodes it directly into a Rust `str` for logging, even though RFC 9000 §19.19 defines the reason phrase as opaque bytes with no UTF-8 requirement. A remote peer sends a single CLOSE frame (0x1c/0x1d) whose reason-phrase bytes are deliberately invalid UTF-8 (e.g. stray continuation bytes), triggering a decode/conversion panic in the qlog writer and crashing the victim process - a one-packet availability DoS. The fix-class is defensive/lossy decoding (or byte-safe handling) of all peer-supplied opaque protocol fields before they are passed to logging, serialization, or string-typed APIs.

instances (1)

chainprimitivefidelityoriginreproducer (bundle)source
quic quiche_nonutf8_close_panic lab reverse-engineered-cve quiche_nonutf8_close_panic -

cite

https://nrdax.com/techniques/NRDAX-T0392

plain

NRDAX Registry. Technique NRDAX-T0392.

bibtex
@misc{nrdax_NRDAX_T0392,
  title = {Invalid UTF-8 Decode Panic (NRDAX-T0392)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0392},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0392",
  "type": "dataset",
  "title": "Invalid UTF-8 Decode Panic (NRDAX-T0392)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0392",
  "publisher": "NRDAX Registry"
}

use from the CLI

Retrieve or cite this technique from a script or the terminal with the NRDAX Python library & CLI.

Retrieve this technique
nrdax get NRDAX-T0392
Cite it (BibTeX)
nrdax cite NRDAX-T0392 --format bibtex

CLI guide → GitHub ↗