Lucene search
+L

9 matches found

AlpineLinux
AlpineLinux
added 2025/08/07 3:19 p.m.4 views

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

8.7CVSS7AI score0.00385EPSS
Exploits0
CNNVD
CNNVD
added 2025/08/07 12:0 a.m.4 views

quiche 安全漏洞

quiche is a Cloudflare open source implementation of the IETF-designated QUIC transport protocol and HTTP/3. A security vulnerability exists in quiche versions prior to 0.15.0 through 0.24.5, which stems from a potential infinite loop when sending a packet containing a RETIRECONNECTIONID frame...

8.7CVSS6.4AI score0.00385EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.8 views

PT-2025-32266 · Cloudflare · Cloudflare Quiche

Name of the Vulnerable Software and Affected Versions: Cloudflare quiche versions 0.15.0 through 0.24.5 Description: Cloudflare quiche is susceptible to an infinite loop when processing packets containing RETIRE CONNECTION ID frames. QUIC connections utilize connection identifiers IDs with sequen...

8.7CVSS6.6AI score0.00385EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2024/10/28 1:27 p.m.5 views

quic-go: memory exhaustion attack against QUIC's connection ID mechanism

A flaw was found in quic-go. This issue may allow an attacker to trigger a denial of service by sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRECONNECTIONID frame, but the attacker can preve...

7.5CVSS5.8AI score0.011EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/04/09 2:30 a.m.4 views

SUSE CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS9.2AI score0.011EPSS
Exploits0References6
OSV
OSV
added 2024/04/04 3:15 p.m.2 views

DEBIAN-CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS7.7AI score0.011EPSS
Exploits0References1
OSV
OSV
added 2024/04/04 3:15 p.m.5 views

AZL-39851 CVE-2024-22189 affecting package coredns for versions less than 1.11.1-6

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS7.2AI score0.011EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.4 views

PT-2024-2968

Name of the Vulnerable Software and Affected Versions quic-go versions prior to 0.42.0 Description The issue is related to the QUIC protocol implementation in quic-go, where an attacker can cause its peer to run out of memory by sending a large number of NEW CONNECTION ID frames that retire old...

7.8CVSS7.1AI score0.011EPSS
Exploits0References48
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.8 views

PT-2024-18020 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: Quiche versions prior to 0.19.2 Quiche versions prior to 0.20.1 Description: The issue is related to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connectio...

5.3CVSS6.7AI score0.00662EPSS
Exploits0References15
Rows per page
Query Builder