Lucene search
K

238 matches found

CVE
CVE
added 5 hours ago9 views

CVE-2026-11352

CVE-2026-11352 affects curl/libcurl. A bug in QUIC UDP receive handling discards zero-length UDP datagrams toward the per-call budget, allowing a connected HTTP/3 server to continuously stream empty datagrams and cause a remote denial of service on the client. The provided documents do not specif...

6.7AI score
Exploits0References3
OSV
OSV
added 3 days ago2 views

DEBIAN-CVE-2026-13799

Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.1CVSS5.8AI score0.00298EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-13799

Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. Chromium security severity: High...

8.1CVSS0.00298EPSS
Exploits0References2
CVE
CVE
added 3 days ago5 views

CVE-2026-13799

CVE-2026-13799 is a heap-corruption risk caused by a Use-After-Free in QUIC within Google Chrome prior to 150.0.7871.47. Public sources consistently describe the vulnerability as a QUIC-related use-after-free issue that could be triggered by malicious network traffic, leading to potential heap co...

8.1CVSS5.8AI score0.00298EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 12:23 p.m.5 views

EUVD-2026-39350

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in QUIC in Google Chrome before version 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.7AI score0.0094EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Firefox

Data was not properly sanitized during the decoding of a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox versions earlier than 124...

7.5CVSS7.1AI score0.00501EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.7 views

SUSE CVE-2026-34183

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

6.5CVSS5.4AI score0.00511EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 4:16 p.m.14 views

CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS0.00204EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 2:47 p.m.8 views

CVE-2026-50009 Netty QUIC stateless reset token material exposed through header-visible connection IDs

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS5.4AI score0.00204EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48901

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.2.15.Final Description Netty QUIC exposes the stateless reset token on the network path when utilizing the default HMAC-based connection-ID and stateless-reset-token generators. Specifically, the...

4.8CVSS5.3AI score0.00204EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.10 views

openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

7.5CVSS5.5AI score0.00511EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 1:0 p.m.11 views

CVE-2026-34183

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

7.5CVSS7AI score0.00511EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 6:33 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the QUIC stack, when flooded with PATHCHALLENGE frames. A malicious remote peer can exhaust heap memory and terminate a QUIC client or server. Remediation A fix was pushed into the...

8.7CVSS5.4AI score0.00511EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35481

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35479

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

5.5AI score0.00511EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 5:17 p.m.16 views

CVE-2026-34183

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

7.5CVSS0.00511EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.7 views

CVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

5.5AI score0.00511EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.23 views

PT-2026-47834

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference occurs in the OpenSSL QUIC server when receiving a QUIC initial packet containing an invalid or expired token. This issue is triggered specifically when address...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References104
OSV
OSV
added 2026/06/09 12:0 a.m.5 views

UBUNTU-CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS5.4AI score0.00684EPSS
Exploits0References4
Rows per page
Query Builder