Lucene search
+L

155 matches found

nessus
nessus
added 6 days ago8 views

libcurl 8.18.0 < 8.21.0 QUIC UDP Denial of Service (CVE-2026-11352)

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References2
snyk
snyk
added 2026/07/03 8:18 a.m.10 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the udpreceive process. An attacker can cause the client to enter a busy-loop and become unresponsive by continuously sending zero-length UDP datagrams from a malicious HTTP/3 server. Remediation Upgrade libcurl to...

8.7CVSS6.2AI score0.0101EPSS
Exploits1References2
osv
osv
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References1
nvd
nvd
added 2026/07/03 7:16 a.m.8 views

CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS0.0101EPSS
Exploits1References3
cvelist
cvelist
added 2026/07/03 6:12 a.m.47 views

CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

0.0101EPSS
Exploits1References3
euvd
euvd
added 2026/07/03 6:12 a.m.9 views

EUVD-2026-41498

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

6AI score0.0101EPSS
Exploits1References3
cve
cve
added 2026/07/03 6:12 a.m.36 views

CVE-2026-11352

The CVE-2026-11352 issue affects curl/libcurl: a bug in the QUIC UDP receive path discards zero-length UDP datagrams instead of counting them toward the per-call budget, enabling a connected HTTP/3 peer to continuously send empty datagrams and cause a remote denial-of-service against curl or libc...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/07/03 6:12 a.m.3 views

CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References5
euvd
euvd
added 2026/07/02 4:6 p.m.8 views

EUVD-2026-41414

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/07/02 4:6 p.m.7 views

CVE-2026-55950

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS5.8AI score0.00384EPSS
Exploits0References6Affected Software1
redhat
redhat
added 2026/07/02 3:43 p.m.3 views

curl: libcurl: curl/libcurl: Remote denial of service via QUIC UDP receive function vulnerability

A flaw was found in curl and libcurl. A malicious HTTP/3 server can exploit an issue in the QUIC UDP receive function by continuously streaming empty UDP datagrams. This can lead to a remote denial of service DoS against a curl or libcurl client, as the helper function discards zero-length UDP...

7.5CVSS6.1AI score0.0101EPSS
Exploits1References7
nessus
nessus
added 2026/06/26 12:0 a.m.19 views

Curl 8.18.0 < 8.21.0 QUIC Zero-Length UDP Datagrams DoS

The version of curl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service by continuously streaming empty...

7.5CVSS6.3AI score0.0101EPSS
Exploits1References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: perform a shared-unconfirmed check before segmentation. Ulrich reports a regression with nfqueue: If an application does not set the ‘FGSO’ capability flag, and a gso packet with an unconfirmed nfconn...

7.5CVSS5.8AI score0.00595EPSS
Exploits0References2
osv
osv
added 2026/06/24 2:0 p.m.12 views

UBUNTU-CVE-2026-11352

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References4
curl
curl
added 2026/06/24 8:0 a.m.10 views

QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS5.9AI score0.0101EPSS
Exploits1References1Affected Software2
osv
osv
added 2026/06/24 8:0 a.m.10 views

CURL-CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS5.9AI score0.0101EPSS
Exploits1
redhatcve
redhatcve
added 2026/06/05 7:47 p.m.15 views

CVE-2026-45180

Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured for example, by sending UDP packets to a host on another network, then users' session ids may be leaked. This may allow an attacker to use session ids a...

7.5CVSS5.5AI score0.00244EPSS
Exploits0References1
hackerone
hackerone
added 2026/06/05 3:50 a.m.8 views

curl: CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop

Summary: curl's QUIC UDP receive helper ignores zero-length UDP datagrams before counting them against the per-call packet budget. On Linux, recvmmsgpackets loops while pkts maxpkts, but if!mmsgi.msglen continue; runs before pkts is incremented. The recvmsgpackets backend has the same no-progress...

7.5CVSS5.9AI score0.0101EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/06/05 12:0 a.m.20 views

PT-2026-51740

Name of the Vulnerable Software and Affected Versions cURL affected versions not specified libcurl affected versions not specified Description An issue in the QUIC UDP receive function allows a remote malicious HTTP/3 server to cause a denial of service. The helper function fails to count...

7.8CVSS6.7AI score0.0101EPSS
Exploits1References38
osv
osv
added 2026/05/26 12:0 a.m.3 views

CVE-2026-48683

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflowplugin/netflowv9collector.cpp, the Data template branch lines 1695-1702 iterates over flow records without performing a per-iteration bounds check agains...

6.5CVSS6.1AI score0.00331EPSS
Exploits0References5
Rows per page
Query Builder