CVE-2026-11941 Use-after-free in connection ID iterator and FFI functions
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quicheconnectioniditernext” and “quicheconnretiredscidnext” functions would return a pointer to a “ConnectionId” to the applications via function arguments, but the owned...