
212 matches found

EUVD
added 2025/12/11 4:48 p.m. | 5 views

EUVD-2025-202714

quic-go HTTP/3 QPACK Header Expansion DoS...

CVSS 5.3 | AI score 6.4 | EPSS 0.00325
Exploits: 0 | References: 4

OSV
added 2025/12/11 4:48 p.m. | 2 views

GHSA-G754-HX8W-X2G6 quic-go HTTP/3 QPACK Header Expansion DoS

Summary: An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section (many unique header names and/or large values). The implementation builds an http.Header used on th...

CVSS 5.3 | AI score 6.8 | EPSS 0.00325
Exploits: 0 | References: 4

OSV
added 2025/12/03 11:44 a.m. | 3 views

BIT-NGINX-GATEWAY-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

CVSS 5.3 | AI score 6.4 | EPSS 0.00917
Exploits: 0 | References: 5

OSV
added 2025/12/03 11:44 a.m. | 1 view

BIT-NGINX-GATEWAY-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact...

CVSS 6.5 | AI score 6.9 | EPSS 0.00848
Exploits: 0 | References: 5

OSV
added 2025/12/03 11:44 a.m. | 3 views

BIT-NGINX-GATEWAY-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5 | AI score 7.6 | EPSS 0.00914
Exploits: 0 | References: 3

OSV
added 2025/12/03 11:44 a.m. | 5 views

BIT-NGINX-GATEWAY-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5 | AI score 7.6 | EPSS 0.01061
Exploits: 0 | References: 3

NVD
added 2025/12/03 8:15 a.m. | 3 views

CVE-2025-13945

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...

CVSS 5.5 | EPSS 0.0013
Exploits: 1 | References: 2

Cvelist
added 2025/12/03 8:4 a.m. | 14 views

CVE-2025-13945 Improperly Controlled Sequential Memory Allocation in Wireshark

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...

CVSS 5.5 | EPSS 0.0013
Exploits: 1 | References: 2

EUVD
added 2025/12/03 8:4 a.m. | 1 view

EUVD-2025-200733

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.0013
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/03 8:4 a.m. | 3 views

CVE-2025-13945 Improperly Controlled Sequential Memory Allocation in Wireshark

HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service...

CVSS 5.5 | AI score 6.5 | EPSS 0.0013
Exploits: 1 | References: 2

CNNVD
added 2025/12/03 12:0 a.m. | 3 views

Wireshark Security Vulnerability

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark versions 4.6.0 and 4.6.1, which stems from...

CVSS 5.5 | AI score 6.3 | EPSS 0.0013
Exploits: 1 | References: 2

OpenVAS
added 2025/10/09 12:0 a.m. | 3 views

SUSE: Security Advisory (SUSE-SU-2025:03462-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 6.8
Exploits: 0 | References: 4

Tenable Nessus
added 2025/10/08 12:0 a.m. | 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2025:03462-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03462-1 advisory. Update to Firefox Extended Support Release 140.3.1 ESR (bsc#1250452). - Improved reliability when HTTP/3...

AI score 5.6
Exploits: 0 | References: 2

OSV
added 2025/10/02 7:14 a.m. | 2 views

SUSE-SU-2025:03447-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.3.1 ESR (bsc#1250452). - Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on...

AI score 6.9
Exploits: 0 | References: 2

Debian
added 2025/09/29 7:5 a.m. | 4 views

[SECURITY] [DLA 4305-2] firefox-esr regression update

Debian LTS Advisory DLA-4305-2 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 29, 2025 https://wiki.debian.org/LTS ...

AI score 6.8
Exploits: 0

Debian
added 2025/09/28 11:4 a.m. | 4 views

[SECURITY] [DSA 6003-2] firefox-esr update

Debian Security Advisory DSA-6003-2 https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2025 https://www.debian.org/security/faq ...

AI score 7
Exploits: 0

RedhatCVE
added 2025/09/10 2:27 p.m. | 3 views

CVE-2025-36854

A vulnerability (CVE-2024-38229, https://www.cve.org/CVERecord) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use After Free...

CVSS 8.1 | AI score 6.9 | EPSS 0.02049
Exploits: 0 | References: 1

Snyk
added 2025/09/08 2:41 p.m. | 1 view

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code execution...

CVSS 9.2 | AI score 8.1 | EPSS 0.02049
Exploits: 0 | References: 3

Snyk
added 2025/09/08 2:41 p.m. | 1 view

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code...

CVSS 9.2 | AI score 8.1 | EPSS 0.02049
Exploits: 0 | References: 3

Snyk
added 2025/09/08 2:41 p.m. | 2 views

Use After Free

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Use After Free that could allow remote code execution...

CVSS 9.2 | AI score 8.1 | EPSS 0.02049
Exploits: 0 | References: 3