Lucene search
+L

37 matches found

osv
osv
added 2026/06/30 9:6 a.m.3 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
redhat
redhat
added 2026/06/10 12:31 p.m.8 views

ngtcp2: ngtcp2: Denial of service via stack buffer overflow during QUIC handshake

A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...

7.5CVSS5.7AI score0.00776EPSS
Exploits1References6
redhat
redhat
added 2026/06/03 9:52 p.m.10 views

ngtcp2: ngtcp2: Denial of service via stack buffer overflow during QUIC handshake

A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...

7.5CVSS5.9AI score0.00776EPSS
Exploits1References6
nessus
nessus
added 2026/05/26 12:0 a.m.11 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ngtcp2 vulnerability (USN-8300-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8300-1 advisory. Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
ubuntu
ubuntu
added 2026/05/25 10:58 a.m.20 views

USN-8300-1: ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

7.5CVSS5.9AI score0.00776EPSS
Exploits1
osv
osv
added 2026/05/25 10:58 a.m.9 views

USN-8300-1 ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

7.5CVSS5.9AI score0.00776EPSS
Exploits1References2
amazon
amazon
added 2026/04/30 12:0 a.m.9 views

Important: ngtcp2

Issue Overview: ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently...

7.5CVSS5.8AI score0.00776EPSS
Exploits1
nessus
nessus
added 2026/04/30 12:0 a.m.10 views

Amazon Linux 2023 : ngtcp2, ngtcp2-crypto-gnutls, ngtcp2-crypto-gnutls-devel (ALAS2023-2026-1633)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1633 advisory. ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer...

7.5CVSS6.1AI score0.00776EPSS
Exploits1References4
susecve
susecve
added 2026/04/17 11:25 p.m.5 views

SUSE CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS6AI score0.00776EPSS
Exploits1References9
redhatcve
redhatcve
added 2026/04/17 7:35 p.m.7 views

CVE-2026-40170

A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...

7.5CVSS6.1AI score0.00776EPSS
Exploits1References5
nessus
nessus
added 2026/04/17 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
osv
osv
added 2026/04/16 10:16 p.m.2 views

DEBIAN-CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.7AI score0.00776EPSS
Exploits1References1
osv
osv
added 2026/04/16 10:16 p.m.5 views

ALPINE-CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.9AI score0.00776EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/04/16 9:34 p.m.2 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS6.1AI score0.00776EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2026/04/16 9:34 p.m.3 views

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
cve
cve
added 2026/04/16 9:34 p.m.56 views

CVE-2026-40170

ngtcp2 (QUIC) vulnerability: in versions before 1.22.1, ngtcp2_qlog_parameters_set_transport_params() writes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking, enabling a stack buffer overflow when qlog is enabled and large untrusted parameters are received dur...

7.5CVSS6.1AI score0.00776EPSS
Exploits1References9Affected Software1
debiancve
debiancve
added 2026/04/16 9:34 p.m.11 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.7AI score0.00776EPSS
Exploits1
osv
osv
added 2026/04/16 9:34 p.m.1 views

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS7.4AI score0.00776EPSS
Exploits1References11
alpinelinux
alpinelinux
added 2026/04/16 9:34 p.m.2 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.7AI score0.00776EPSS
Exploits1References9
cvelist
cvelist
added 2026/04/16 9:34 p.m.27 views

CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS0.00776EPSS
Exploits1References2
Rows per page
Query Builder