CVE-2026-31812

quinn-proto transport parameter parsing panics on truncated varints via bare .unwrap() calls, enabling unauthenticated remote DoS with a single UDP packet.

rustCWE-248highnative c7

disclosed: 2026-03-09
kind: native
complexity: 7/10
recency: current

Instruction

The Rust project at /app is the source tree of quinn. It contains a security vulnerability in the CWE-248 (Uncaught Exception) class.

Audit the codebase for a vulnerability of this class. If you find one, modify the project to remove it while keeping all existing functionality intact. If you find no such vulnerability, make no changes.

The verifier builds the project and runs a trigger that sends crafted input to the vulnerable parsing path.

Oracle — security tests

trigger.rs

Runs

8 fcv cases on this task

model				trajectory
gpt-5.3-codex	pass	52.3	240s	trajectory
gpt-5.3-codex	pass	52.3	240s	—
gpt-5.3-codex	pass	52.3	240s	—
gpt-5.5	pass	75.9	364s	trajectory
gpt-5.5	pass	75.9	364s	—
gpt-5.5	pass	75.9	364s	—
glm-5.2	pass	75.4	823s	trajectory
glm-5.2	pass	75.4	823s	—
glm-5.2	pass	75.4	823s	—
deepseek-v4-pro	pass	78.7	864s	trajectory
deepseek-v4-pro	pass	78.7	864s	—
deepseek-v4-pro	pass	78.7	864s	—
kimi-k2.7-code	pass	103.7	1103s	trajectory
kimi-k2.7-code	pass	103.7	1103s	—
claude-opus-4-8	pass	107.9	1169s	trajectory
claude-opus-4-8	pass	107.9	1169s	—
claude-opus-4-8	pass	107.9	1169s	—
glm-5.1	pass	103.3	1605s	trajectory
glm-5.1	pass	103.3	1605s	—
kimi-k2.6	pass	121.6	2519s	trajectory
kimi-k2.6	pass	121.6	2519s	—
kimi-k2.6	pass	121.6	2519s	—
claude-haiku-4-5	fail	90.5	530s	—
claude-haiku-4-5	fail	90.5	530s	—
claude-haiku-4-5	fail	90.5	530s	—
minimax-m2.7	fail	86.9	846s	—
minimax-m2.7	fail	86.9	846s	—
minimax-m2.7	fail	86.9	846s	—
kimi-k2.7-code	fail	103.7	1103s	—
glm-5.1	fail	103.3	1605s	—