Lucene search
K

34 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 10:10 p.m.11 views

Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions

Impact Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The quicheconnectioniditernext and quicheconnretiredscidnext functions would return a pointer to a ConnectionId to the applications via function arguments, but the the owned...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18651

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00723EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18652

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00673EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23915

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00385EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1042

Malicious code in bioql PyPI...

5.3CVSS4.8AI score0.00662EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/08/09 3:26 p.m.16 views

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

8.7CVSS7AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2025/08/07 4:15 p.m.15 views

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

8.7CVSS0.00385EPSS
Exploits0References1
OSV
OSV
added 2025/08/07 3:19 p.m.5 views

CVE-2025-7054 Infinite loop triggered by connection ID retirement

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

8.7CVSS7AI score0.00385EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/07 3:19 p.m.11 views

CVE-2025-7054 Infinite loop triggered by connection ID retirement

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

8.7CVSS0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/07 3:19 p.m.3 views

CVE-2025-7054 Infinite loop triggered by connection ID retirement

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

8.7CVSS6.7AI score0.00385EPSS
Exploits0References1
CVE
CVE
added 2025/08/07 3:19 p.m.80 views

CVE-2025-7054

The CVE-2025-7054 entry concerns Cloudflare’s quiche QUIC/TLS library, where an unauthenticated attacker can trigger an infinite loop by sending RETIRE_CONNECTION_ID frames. The issue arises from how retirement across paths can synchronize multiple active connection IDs, allowing a retirement fra...

8.7CVSS6.8AI score0.00385EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2025/08/07 3:19 p.m.3 views

CVE-2025-7054

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...

8.7CVSS7AI score0.00385EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/08/07 12:0 a.m.6 views

PT-2025-32266 · Cloudflare · Cloudflare Quiche

Name of the Vulnerable Software and Affected Versions: Cloudflare quiche versions 0.15.0 through 0.24.5 Description: Cloudflare quiche is susceptible to an infinite loop when processing packets containing RETIRE CONNECTION ID frames. QUIC connections utilize connection identifiers IDs with sequen...

8.7CVSS6.6AI score0.00385EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2025/06/24 12:0 a.m.38 views

The vulnerability of the software implementing the transport protocols QUIC and HTTP/3 in CloudFlare Quiche allows attackers to cause service interruptions due to unlimited resource distribution.

The vulnerability of the software implementing the transport protocols QUIC and HTTP/3 in CloudFlare Quiche lies in the fact that data is sent at a speed that exceeds the actual path support provided by the system due to unlimited resource distribution. Exploiting this vulnerability can allow a...

7.8CVSS5.4AI score0.00723EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/23 8:39 a.m.8 views

CVE-2025-4820

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

5.3CVSS7.7AI score0.00673EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/23 8:38 a.m.7 views

CVE-2025-4821

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

7.5CVSS7.9AI score0.00723EPSS
Exploits0References1
NVD
NVD
added 2025/06/18 4:15 p.m.9 views

CVE-2025-4821

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

7.5CVSS0.00723EPSS
Exploits0References1
NVD
NVD
added 2025/06/18 4:15 p.m.7 views

CVE-2025-4820

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

5.3CVSS0.00673EPSS
Exploits0References1
OSV
OSV
added 2025/06/18 3:47 p.m.5 views

CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

7.5CVSS7AI score0.00723EPSS
Exploits0References3
CVE
CVE
added 2025/06/18 3:47 p.m.27 views

CVE-2025-4821

CVE-2025-4821 affects Cloudflare’s quiche (QUIC) prior to 0.24.4. The issue is “Incorrect congestion window growth” caused by processing invalid ACK ranges. An unauthenticated remote attacker can complete a handshake, initiate a congestion-controlled transfer, and send ACK frames covering a large...

7.5CVSS7.8AI score0.00723EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder