EUVD-2025-23915

Malicious code in bioql PyPI...

EUVD-2023-3306

Malicious code in bioql PyPI...

EUVD-2025-18651

Malicious code in bioql PyPI...

GHSA-M3HH-F9GH-74C2 vulnerabilities

Vulnerabilities for packages: quiche...

SQUICD (>=0.1.0 <=0.1.1), bolic-network (=0.0.1) +7 more potentially affected by CVE-2025-7054 via quiche (>=0.16.0 <=0.22.0)

quiche CARGO version =0.16.0, =0.1.0, =0.2.4, =0.0.1, =0.0.2 - quiche-async =0.0.0 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2025-7054 Source advisory: OSV:GHSA-M3HH-F9GH-74C2...

GHSA-M3HH-F9GH-74C2 quiche connection ID retirement can trigger an infinite loop

Impact Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000. Once the QUIC handshake completes, a local endpoint is responsible for...

quiche connection ID retirement can trigger an infinite loop

Impact Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000. Once the QUIC handshake completes, a local endpoint is responsible for...

CVE-2025-7054

The CVE-2025-7054 entry concerns Cloudflare’s quiche QUIC/TLS library, where an unauthenticated attacker can trigger an infinite loop by sending RETIRE_CONNECTION_ID frames. The issue arises from how retirement across paths can synchronize multiple active connection IDs, allowing a retirement fra...

quiche 安全漏洞

quiche is a Cloudflare open source implementation of the IETF-designated QUIC transport protocol and HTTP/3. A security vulnerability exists in quiche versions prior to 0.15.0 through 0.24.5, which stems from a potential infinite loop when sending a packet containing a RETIRECONNECTIONID frame...

PT-2025-32266 · Cloudflare · Cloudflare Quiche

Name of the Vulnerable Software and Affected Versions: Cloudflare quiche versions 0.15.0 through 0.24.5 Description: Cloudflare quiche is susceptible to an infinite loop when processing packets containing RETIRE CONNECTION ID frames. QUIC connections utilize connection identifiers IDs with sequen...

CVE-2025-4820

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-4821

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-4820

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-4821

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-4820 Incorrect congestion window growth by optimistic ACK

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

PT-2025-26172 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: quiche versions prior to 0.24.4 Description: The issue is related to incorrect congestion window growth, which could cause quiche to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can explo...

CVE-2023-6193

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation RFC 9000 Section 8.2 requires that the recipient of a PATHCHALLENGE frame responds by sending a PATHRESPONSE. ...

masquerade-proxy (=0.1.0), monoio-quiche (=0.0.1) +3 more potentially affected by CVE-2024-1410 via quiche (>=0.10.0 <=0.18.0)

quiche CARGO version =0.10.0, =0.1.0, =0.6.9 - quiche-tokio =0.1.0 - quiver-h3 =0.1.0 Source cves: CVE-2024-1410 Source advisory: OSV:GHSA-XHG9-XWCH-VR7X...

CVE-2024-1410

Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers IDs; see RFC 9000 Section 5.1...

PT-2024-18020 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: Quiche versions prior to 0.19.2 Quiche versions prior to 0.20.1 Description: The issue is related to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connectio...