External Entropy Supply for IoT Devices Employing a RISC-V Trusted Execution Environment

Entropy--a measure of randomness--is compulsory for the generation of secure cryptographic keys; however, Internet of Things IoT devices that are small or constrained often struggle to collect suf ficient entropy. In this article, we solve the entropy provisioning problem for a fleet of IoT devic...

github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame

A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during...

github.com/quic-go/quic-go: quic-go Crash Due to Premature HANDSHAKE_DONE Frame

A denial of service flaw has been discovered in the quic-go golang library. A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during...

EUVD-2025-33746

quic-go: Panic occurs when queuing undecryptable packets after handshake completion...

quic-go: Panic occurs when queuing undecryptable packets after handshake completion

Summary A misbehaving or malicious server can trigger an assertion in a quic-go client and crash the process by sending a premature HANDSHAKEDONE frame during the handshake. Impact A misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an...

CVE-2025-59530

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

UBUNTU-CVE-2025-59530

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

CVE-2025-59530

CVE-2025-59530 affects quic-go, a QUIC protocol implementation in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0 a misbehaving or malicious server can trigger an assertion during the handshake, causing a DoS by crashing the client. This requires no authentication and can occur during the han...

PT-2025-41573

Name of the Vulnerable Software and Affected Versions quic-go versions prior to 0.49.0 quic-go versions prior to 0.54.1 quic-go versions prior to 0.55.0 Description quic-go is an implementation of the QUIC protocol in Go. In affected versions, a malicious or misbehaving server can cause a...

PQUIC Security Vulnerabilities

PQUIC is a framework for PQUIC open source . Enables QUIC clients and servers to dynamically exchange protocol plug-ins, thereby extending the protocol on a per-connection basis. A security vulnerability exists in versions prior to PQUIC 5bde5bb, which stems from the retention of unused initial...

CVE-2018-10812

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/sharedprefs/com.bitpiepreferences.xml on Android or a plist file in the app data folder on iO...

CVE-2018-10812

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read /com.biepie/sharedprefs/com.bitpiepreferences.xml on Android or a plist file in the app data folder on iO...