15 matches found
CVE-2025-55181
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...
CVE-2025-55181
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually...
PT-2025-48784
Name of the Vulnerable Software and Affected Versions: proxygen affected versions not specified Description: An excessively large HTTP request or response body—greater than 2^31 bytes—can cause an infinite loop within the proxygen::coro::HTTPQuicCoroSession component. This loop obstructs the event...
EUVD-2021-10949
Malware in sbrugna...
EUVD-2025-21179
Malicious code in bioql PyPI...
CVE-2025-30403
A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00...
CVE-2025-30403
A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00...
CVE-2025-30403
CVE-2025-30403 affects mvfst, where a heap-buffer-overflow can be triggered by a specially crafted QUIC message. Affected versions are mvfst prior to v2025.07.07.00. The issue stems from how mvfst handles certain input during QUIC sessions, potentially enabling a crash or memory corruption. Publi...
CVE-2025-30403
A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00...
CVE-2025-30403
A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00...
PT-2025-29273 · Mvfst · Mvfst
Name of the Vulnerable Software and Affected Versions: mvfst versions prior to v2025.07.07.00 Description: A heap-buffer-overflow vulnerability exists in mvfst. This issue occurs when processing a specially crafted message during a QUIC session. Recommendations: Update mvfst to version...
Fedora 39 : nginx (2024-2e4858330c)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2e4858330c advisory. Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on...
Fedora 40 : nginx (2024-06e6dcbb42)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-06e6dcbb42 advisory. Security: when using HTTP/3, processing of a specially crafted QUIC session might cause a worker process crash, worker process memory disclosure on...
CVE-2024-24990
A flaw was found in the nginx HTTP/3 implementation. This issue may allow an attacker to use a specially crafted QUIC session to trigger a use-after-free condition, causing a worker process to crash, leading to a denial of service...
nginx-devel -- Multiple Vulnerabilities in HTTP/3
The nginx development team reports: When using HTTP/3 a segmentation fault might occur in a worker process while processing a specially crafted QUIC session...