97 matches found
EUVD-2026-38003
Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions
Impact: Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions would return a pointer to a ConnectionId to the applications via function arguments, but the owned...
CVE-2026-11941
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_next” and “quiche_conn_retired_scid_next” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...
CVE-2026-11941 Use-after-free in connection ID iterator and FFI functions
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_next” and “quiche_conn_retired_scid_next” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...
CVE-2026-11941
Cloudflare Quiche contains two use-after-free flaws in the FFI path for connection IDs. The issues affect the quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions, where an owned ConnectionId is returned to the application via an argument but is dropped at the end of the func...
PT-2026-50870
Name of the Vulnerable Software and Affected Versions: Cloudflare Quiche versions prior to 0.29.2. Description: Two use-after-free issues exist in the connection ID iterator FFI (Foreign Function Interface) functions. The functions quiche_connection_id_iter_next and quiche_conn_retired_scid_next retur...
CVE-2026-44894
Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false (server will not send Retry — acceptable), but validateToken...
UBUNTU-CVE-2026-44894
Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false (server will not send Retry — acceptable), but validateToken...
Netty's Default QUIC token handler accepts any client-supplied token
NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken returns false (server will not send Retry — acceptable), but validateToken unconditionally returns 0. In QuicheQuicServerCodec.handlePacket, a non-negative return from validateToken is interpreted as...
curl: HTTP/3 paused transfer buffers incoming data without bound up to ~1 GiB
Hi all, When a libcurl application's CURLOPT_WRITEFUNCTION returns CURL_WRITEFUNC_PAUSE, libcurl routes subsequent incoming body data through cw-pause (lib/cw-pause.c). The bufq inside cw-pause is initialised with BUFQ_OPT_SOFT_LIMIT and a chunk size of 16 KiB (lib/cw-pause.c:51-52), which causes bufq to...
EUVD-2025-18652
Malicious code in bioql PyPI...
EUVD-2025-18651
Malicious code in bioql PyPI...
EUVD-2024-30726
Malicious code in bioql PyPI...
EUVD-2025-23915
Malicious code in bioql PyPI...
EUVD-2024-1042
Malicious code in bioql PyPI...
EUVD-2023-3306
Malicious code in bioql PyPI...
EUVD-2024-0855
Malicious code in bioql PyPI...
FreeBSD : quiche -- Multiple vulnerabilities (7b0cbc73-9955-11f0-b6e2-6805ca2fa271)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 7b0cbc73-9955-11f0-b6e2-6805ca2fa271 advisory. Quiche Releases reports: This update includes 2 security fixes: Tenable has extracted the...
FreeBSD : quiche -- Infinite loop triggered by connection ID retirement (32bdeb94-9958-11f0-b6e2-6805ca2fa271)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 32bdeb94-9958-11f0-b6e2-6805ca2fa271 advisory. Quiche Releases reports: This update includes 1 security fix: Tenable has extracted the preceding...
GHSA-M3HH-F9GH-74C2 vulnerabilities
Vulnerabilities for packages: quiche...