Lucene search
K

5 matches found

CVE
CVE
added 2026/07/03 6:12 a.m.28 views

CVE-2026-11352

The CVE-2026-11352 issue affects curl/libcurl: a bug in the QUIC UDP receive path discards zero-length UDP datagrams instead of counting them toward the per-call budget, enabling a connected HTTP/3 peer to continuously send empty datagrams and cause a remote denial-of-service against curl or libc...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS5.9AI score0.0101EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.7 views

QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS5.9AI score0.0101EPSS
Exploits1References1Affected Software2
Snyk
Snyk
added 2026/01/08 4:41 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of resource-limiting controls in the gRPC, HTTPS, and HTTP3 server implementations. An attacker can exhaust memory and cause the server to degrade or crash by opening...

8.7CVSS6.8AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/08 3:33 p.m.4 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS6.8AI score0.00412EPSS
Exploits0References3
Rows per page
Query Builder