GHSA-2C5C-CHWR-9HQW Netty HTTP/3 QPACK literal unbounded allocation

Summary When Netty decodes HTTP/3 headers, it sometimes runs new bytelength using a length from the wire before checking that many bytes are really there. A small malicious header can claim a huge length on the order of a gigabyte. Details When decoding header blocks, the non-Huffman branch of...

PT-2026-38375

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.13.Final Description When decoding HTTP/3 header blocks, the non-Huffman branch of the decodeHuffmanEncodedLiteral function in io.netty.handler.codec.http3.QpackDecoder may execute new bytelength for a string litera...

CVE-2026-35579

CoreDNS versions prior to 1.14.3 expose a TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports. In gRPC/QUIC, the server checks for a configured TSIG key name but never calls dns.TsigVerify(), so a matching key yields a nil tsigStatus and the request is treated as authenticated rega...

JLSEC-2026-433 libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an...

libcurl supports pinning of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC...

USN-8208-1 haproxy vulnerability

Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information...

OESA-2026-2086 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

OESA-2026-2085 haproxy security update

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An issue was...

openSUSE 16 Security Update : haproxy (openSUSE-SU-2026:20618-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20618-1 advisory. Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626. Tenable has...

SUSE SLES15 Security Update : haproxy (SUSE-SU-2026:1568-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1568-1 advisory. This update for haproxy fixes the following issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. Tenable has...

Security update for haproxy (moderate)

openSUSE security update: security update for haproxy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20618-1 Rating: moderate References: bsc1261626 bsc1262103 Cross-References: CVE-2026-33555 CVSS scores: CVE-2026-33555 SUSE : 4...

Security update for haproxy

This update for haproxy fixes the following issue: CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

SUSE-SU-2026:21390-1 Security update for haproxy

This update for haproxy fixes the following issues: Security issue: - CVE-2026-33555: Request smuggling via HTTP/3 parser desynchronization bsc1262103. - bug in SLZ compression bsc1261626...

SUSE-SU-2026:21289-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: improper validation when matching a received body length to a previously announced Content-Length can lead to request smuggling due to HTTP/3 parser desynchronization bsc1262103...

SUSE-SU-2026:21318-1 Security update for haproxy

This update for haproxy fixes the following issue: - CVE-2026-33555: improper validation when matching a received body length to a previously announced Content-Length can lead to request smuggling due to HTTP/3 parser desynchronization bsc1262103...

BIT-DOTNET-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

BIT-DOTNET-SDK-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

XQUIC 安全漏洞

XQUIC is an open-source cross-platform implementation code base for QUIC and HTTP/3 protocols developed by Alibaba. Versions of XQUIC 1.8.3 and earlier contain security vulnerabilities. These vulnerabilities stem from improper input validation and encryption signature verification, which may lead...

SUSE CVE-2026-33555

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

CVE-2026-33555

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...

UBUNTU-CVE-2026-33555

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...