12 matches found
CVE-2026-53622
CVE-2026-53622 concerns Traefik’s HTTP/3 (QUIC) TLS configuration selection. When HTTP/3 is enabled, the TLS handshake uses an exact, case-sensitive lookup of the SNI to choose a TLS config, which fails to match wildcard hosts or mixed-case hostnames. If a router enforces mTLS via TLSOptions and ...
ngtcp2: ngtcp2: Denial of service via stack buffer overflow during QUIC handshake
A flaw was found in ngtcp2, a C implementation of the IETF QUIC Quick UDP Internet Connections protocol. A remote attacker can exploit a stack buffer overflow vulnerability by sending specially crafted, large transport parameters during the QUIC handshake. This occurs when the qlog callback is...
RHEL 9 : samba (RHSA-2026:25049)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25049 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
RHEL 10 : samba (RHSA-2026:22963)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22963 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
CVE-2026-40170
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...
RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2025:23069)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23069 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
AZL-68781 CVE-2025-59530 affecting package coredns for versions less than 1.11.1-24
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...
EUVD-2024-0855
Malicious code in bioql PyPI...
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Impact Cloudflare Quiche through version 0.19.1/0.20.0 was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimit...
CVE-2024-1765 Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche
Cloudflare Quiche through version 0.19.1/0.20.0 was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited numb...
CVE-2024-1765
Cloudflare Quiche (up to 0.19.1/0.20.0) contains an unlimited resource allocation vulnerability where an attacker floods QUIC CRYPTO frames (1-RTT) after the QUIC handshake, causing rapid memory usage growth on the affected system. The issue affects both server and client implementations and coul...
GO-2023-2160 Panic during QUIC handshake in github.com/quic-go/quic-go
The QUIC handshake can cause a panic when processing a certain sequence of frames. A malicious peer can deliberately trigger this panic...