Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ngtcp2 vulnerability (USN-8300-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8300-1 advisory. Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking...

USN-8300-1 ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

USN-8300-1: ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

JLSEC-2026-426 When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool...

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

Important: ngtcp2

Issue Overview: ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently...

[SECURITY] Fedora 44 Update: ngtcp2-1.22.1-1.fc44

"Call it TCP/2. One More Time." ngtcp2 project is an effort to implement RFC9000 QUIC protocol...

[SECURITY] Fedora 43 Update: ngtcp2-1.22.1-1.fc43

"Call it TCP/2. One More Time." ngtcp2 project is an effort to implement RFC9000 QUIC protocol...

Fedora 43 : ngtcp2 (2026-a0f25484e9)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a0f25484e9 advisory. Update to 1.22.1 rhbz2452790 - Fixes CVE-2026-40170 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

Fedora 44 : ngtcp2 (2026-705eb9cf95)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-705eb9cf95 advisory. Update to 1.22.1 rhbz2452790 - Fixes CVE-2026-40170 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

[SECURITY] [DSA 6222-1] ngtcp2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6222-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 21, 2026 https://www.debian.org/security/faq -...

Debian dsa-6222 : libngtcp2-16 - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6222 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6222-1 [email protected] https://www.debian.org/security/...

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ngtcp2: ngtcp2-1.22.1-1.hum1 aarch64, x8664 ngtcp2-crypto-gnutls-1.22.1-1.hum1 aarch64, x8664 ngtcp2-crypto-gnutls-devel-1.22.1-1.hum1 aarch64, x8664 ngtcp2-crypto-ossl-1.22.1-1.hum1 aarch64, x86...

SUSE CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVE-2026-40170

A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...

Linux Distros Unpatched Vulnerability : CVE-2026-40170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters...

DEBIAN-CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

UBUNTU-CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...