226 matches found

OSV
added 2026/01/14 9:15 p.m. | 8 views

AZL-74994 CVE-2026-0960 affecting package wireshark 4.4.7-1

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 1 | References: 1

UbuntuCve
added 2026/01/14 9:15 p.m. | 3 views

CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVSS 5.5 | AI score 5.9 | EPSS 0.00122
Exploits: 1 | References: 2

CVE
added 2026/01/14 8:23 p.m. | 30 views

CVE-2026-0960

CVE-2026-0960 affects Wireshark 4.6.0–4.6.2 with an HTTP3 protocol dissector infinite loop that can cause denial of service. Connected advisories confirm the issue across distributions and indicate a fix was released in Wireshark 4.6.3 (e.g., Fedora/SUSE advisories, Debian DSA-6124-1). Impact is ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00122
Exploits: 1 | References: 2 | Affected Software: 1

Debian CVE
added 2026/01/14 8:23 p.m. | 2 views

CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVSS 5.5 | AI score 5.2 | EPSS 0.00122
Exploits: 1

EUVD
added 2026/01/14 8:23 p.m. | 3 views

EUVD-2026-2438

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVSS 4.7 | AI score 6.3 | EPSS 0.00122
Exploits: 1 | References: 3

ATTACKERKB
added 2026/01/14 8:23 p.m. | 4 views

CVE-2026-0960

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service...

CVSS 5.5 | AI score 5.5 | EPSS 0.00122
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2026/01/08 4:41 p.m. | 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

CVSS 8.7 | AI score 6.8 | EPSS 0.00412
Exploits: 0 | References: 2

OSV
added 2026/01/08 3:33 p.m. | 5 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

CVSS 8.7 | AI score 7.1 | EPSS 0.00412
Exploits: 0 | References: 5

Cvelist
added 2026/01/08 3:33 p.m. | 23 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

CVSS 8.7 | EPSS 0.00412
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/08 3:33 p.m. | 3 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

CVSS 8.7 | AI score 6.8 | EPSS 0.00412
Exploits: 0 | References: 3

HackerOne
added 2025/12/26 5:4 p.m. | 21 views

curl: HTTP/3 Protocol Smuggling and Header Injection via CRLF in QPACK value conversion

A fundamental design flaw exists in how libcurl handles HTTP/3 QUIC response headers across all supported backends (ngtcp2, quiche, openssl-quic). The vulnerability stems from the unsafe transcoding of binary QPACK headers (HTTP/3) into the textual HTTP/1.1 format used internally by curl's pipeline...

AI score 7.3
Exploits: 0

OSV
added 2025/12/11 9:15 p.m. | 3 views

DEBIAN-CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

CVSS 5.3 | AI score 7.7 | EPSS 0.00325
Exploits: 0 | References: 1

NVD
added 2025/12/11 9:15 p.m. | 4 views

CVE-2025-64702

quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header...

CVSS 5.3 | EPSS 0.00325
Exploits: 0 | References: 2

CVE
added 2025/12/11 8:58 p.m. | 26 views

CVE-2025-64702

CVE-2025-64702 affects quic-go (Go QUIC implementation) and is documented across multiple feeds. The issue occurs in versions 0.56.0 and earlier where the HTTP/3 client and server decode QPACK HEADERS frames into http.Header without enforcing a decoded-header size limit, leading to memory exhaust...

CVSS 5.3 | AI score 6.4 | EPSS 0.00325
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/12/11 4:48 p.m. | 7 views

EUVD-2025-202714

quic-go HTTP/3 QPACK Header Expansion DoS...

CVSS 5.3 | AI score 6.4 | EPSS 0.00325
Exploits: 0 | References: 4

OSV
added 2025/12/11 4:48 p.m. | 2 views

GHSA-G754-HX8W-X2G6 quic-go HTTP/3 QPACK Header Expansion DoS

Summary: An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large header field section many unique header names and/or large values. The implementation builds an http.Header used on th...

CVSS 5.3 | AI score 6.8 | EPSS 0.00325
Exploits: 0 | References: 4

OSV
added 2025/12/03 11:44 a.m. | 3 views

BIT-NGINX-GATEWAY-2024-35200 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate...

CVSS 5.3 | AI score 6.4 | EPSS 0.00917
Exploits: 0 | References: 5

OSV
added 2025/12/03 11:44 a.m. | 1 view

BIT-NGINX-GATEWAY-2024-32760 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause other potential impact...

CVSS 6.5 | AI score 6.9 | EPSS 0.00848
Exploits: 0 | References: 5

OSV
added 2025/12/03 11:44 a.m. | 3 views

BIT-NGINX-GATEWAY-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5 | AI score 7.6 | EPSS 0.00914
Exploits: 0 | References: 3

OSV
added 2025/12/03 11:44 a.m. | 5 views

BIT-NGINX-GATEWAY-2024-24989 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5 | AI score 7.6 | EPSS 0.01061
Exploits: 0 | References: 3