17 matches found
CVE-2026-35579
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports
CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...
CoreDNS has TSIG authentication bypass on gRPC and QUIC transports
Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...
GHSA-VP29-5652-4FW9 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports
Summary The gRPC, QUIC, DoH, and DoH3 transports in CoreDNS incorrectly handle TSIG authentication. For gRPC and QUIC, CoreDNS checks whether the TSIG key name exists in the config, but does not actually verify the TSIG HMAC. If the key name matches, tsigStatus remains nil and the tsig plugin...
Linux Distros Unpatched Vulnerability : CVE-2026-40170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters...
DEBIAN-CVE-2026-31812
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...
CVE-2026-31812 Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...
CVE-2026-31812
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed...
CVE-2026-31812
In Quinn (Rust, QUIC), the quinn-proto parsing path decodes attacker-controlled varints with unwrap(), so a crafted QUIC Initial packet containing malformed quic_transport_parameters can trigger an unexpected end and panic. This remote, unauthenticated DoS is reachable over the network and affect...
EUVD-2024-2878
Malicious code in bioql PyPI...
EUVD-2023-2573
Malicious code in bioql PyPI...
CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Overview Affected versions of this package are vulnerable to Improper Release of Memory Before Removing Last Reference 'Memory Leak' in the QUIC transport parameters when multiple instances are present or multiple calls to the decode happen. An attacker can cause a denial of service when the MsQu...
CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-42805 quinn-proto Denial of Service vulnerability
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-42805 quinn-proto Denial of Service vulnerability
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...