CVE-2026-44436
Quicly (QUIC implementation used with H2O) is vulnerable to a Denial of Service due to connection state corruption caused by a 255-byte Connection ID handling in the decoder, while QUIC version 1 requires a 20-byte CID buffer. The library lacked enforcement for 20-byte CIDs, allowing mismatched I...