CVE-2026-44433
CVE-2026-44433 affects the Quicly QUIC protocol implementation used with the H2O HTTP server. Prior to commit 8b178e6, an adversarial peer could send a STREAM frame carrying only a single byte at the largest permitted offset to obtain additional flow control credit, potentially causing memory exh...