Lucene search
+L

100 matches found

CVE
CVE
added 3 days ago11 views

CVE-2026-12707

CVE-2026-12707 affects Cloudflare quiche. After QUIC handshakes, an attacker can trigger unbounded queuing of PathEvent::ReusedSourceConnectionId during rapid source address migration, causing memory resource exhaustion. Affected component is quiche’s PathEvents collection (path_event_next() drai...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 10:10 p.m.12 views

EUVD-2026-38003

Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 10:10 p.m.15 views

Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions

Impact Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The quicheconnectioniditernext and quicheconnretiredscidnext functions would return a pointer to a ConnectionId to the applications via function arguments, but the the owned...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/19 12:16 p.m.16 views

CVE-2026-11941

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...

5.6CVSS0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 9:55 a.m.4 views

CVE-2026-11941 Use-after-free in connection ID iterator and FFI functions

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 9:55 a.m.31 views

CVE-2026-11941

Cloudflare Quiche contains two use-after-free flaws in the FFI path for connection IDs. The issues affect the quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions, where a owned ConnectionId is returned to the application via an argument but is dropped at the end of the func...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 9:55 a.m.33 views

CVE-2026-11941 Use-after-free in connection ID iterator and FFI functions

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...

5.6CVSS0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 9:55 a.m.7 views

CVE-2026-11941

Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.31 views

PT-2026-50870

Name of the Vulnerable Software and Affected Versions Cloudflare Quiche versions prior to 0.29.2 Description Two use-after-free issues exist in the connection ID iterator FFI Foreign Function Interface functions. The functions quiche connection id iter next and quiche conn retired scid next retur...

5.6CVSS5.8AI score0.0017EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 3:16 p.m.13 views

CVE-2026-44894

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS0.00143EPSS
Exploits0References5
OSV
OSV
added 2026/06/12 3:16 p.m.7 views

UBUNTU-CVE-2026-44894

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS5.3AI score0.00143EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/08 10:59 p.m.14 views

Netty's Default QUIC token handler accepts any client-supplied token

NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false server will not send Retry — acceptable, but validateToken unconditionally return 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...

7.5CVSS5.4AI score0.00143EPSS
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2026/05/14 10:48 a.m.34 views

curl: HTTP/3 paused transfer buffers incoming data without bound up to ~1 GiB

Hi all, When a libcurl application's CURLOPTWRITEFUNCTION returns CURLWRITEFUNCPAUSE, libcurl routes subsequent incoming body data through cw-pause lib/cw-pause.c. The bufq inside cw-pause is initialised with BUFQOPTSOFTLIMIT and a chunk size of 16 KiB lib/cw-pause.c:51-52, which causes bufq to...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1042

Malicious code in bioql PyPI...

5.3CVSS4.8AI score0.00662EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-3306

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00763EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-30726

Malicious code in bioql PyPI...

7.5CVSS6.8AI score0.00693EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18651

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00723EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-0855

Malicious code in bioql PyPI...

7.5CVSS5.9AI score0.01175EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23915

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00385EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-18652

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00673EPSS
Exploits0References1
Rows per page
Query Builder