Lucene search
+L

4 matches found

nessus
nessus
added 2026/05/26 12:0 a.m.11 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : ngtcp2 vulnerability (USN-8300-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8300-1 advisory. Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
ubuntu
ubuntu
added 2026/05/25 10:58 a.m.20 views

USN-8300-1: ngtcp2 vulnerability

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog was enabled, a remote attacker could possibly use this issue to execute arbitrary code...

7.5CVSS5.9AI score0.00776EPSS
Exploits1
redhatcve
redhatcve
added 2026/04/17 7:35 p.m.8 views

CVE-2026-40170

A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...

7.5CVSS6.1AI score0.00776EPSS
Exploits1References5
nessus
nessus
added 2026/04/17 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters...

7.5CVSS6AI score0.00776EPSS
Exploits1References2
Rows per page
Query Builder