
Research Reveals QUIC Protocol Vulnerable to Hash DoS Attacks
The talk, titled 'Cut to the Quick: Slashing Quick's Performance with a Hash DoS,' presented by Paul Bottinelli (a consultant at Trail of Bits), explores how attackers can exploit the QUIC transport protocol to stall backend servers using hash denial-of-service (DoS) attacks. QUIC, designed by Google in 2012 and formalized under RFC 9000, underpins HTTP/3 and uses connection IDs to maintain seamless connections during network switches, but these IDs can be attacker-controlled inputs for hash collisions. Bottinelli demonstrated vulnerabilities in multiple QUIC implementations, including Alibaba’s XQUIC (using a weak multiplicative hash function) and Lightspeed’s LSQUIC (using XXH32), where crafted connection IDs triggered quadratic-time complexity in hash tables, causing CPU exhaustion. The research revealed that 8 out of 24 publicly available QUIC implementations were vulnerable, with coordinated disclosures resolved by February 2023, though some projects (e.g., Ericsson’s Rust-based RASK) reintroduced risks by bypassing built-in protections. Mitigations emphasized using languages with built-in hash DoS protections (e.g., Rust, Go, Python) and avoiding non-cryptographic hash functions like SipHash. The talk traced the history of hash DoS attacks back to a 2003 USENIX paper and highlighted their persistence in modern protocols.