{"id":"CVE-2022-30591","details":"quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the vendor's position is that this behavior should not be listed as a vulnerability on the CVE List","modified":"2026-03-14T08:43:18.047840Z","published":"2022-07-06T12:15:08.173Z","references":[{"type":"EVIDENCE","url":"https://github.com/lucas-clemente/quic-go/blob/84e03e59760ceee37359688871bb0688fcc4e98f/mtu_discoverer.go"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lucas-clemente/quic-go","events":[{"introduced":"0"},{"last_affected":"fa0dba963a29dca6309a8dbd2490caa00d832a3f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.27.0"}]}}],"versions":["v.0.21","v0.21.0","v0.21.1","v0.22.0","v0.23.0","v0.24.0","v0.25.0","v0.26.0","v0.27.0","v0.4","v0.5.0","v0.6.0","v0.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30591.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}