UBUNTU-CVE-2026-40898

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...

CVE-2026-9114

Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: High...

CVE-2026-35579

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

[SECURITY] Fedora 44 Update: ngtcp2-1.22.1-1.fc44

"Call it TCP/2. One More Time." ngtcp2 project is an effort to implement RFC9000 QUIC protocol...

No QUIC certificate pinning with wolfSSL

...

CVE-2024-2379

...

DEBIAN-CVE-2024-34161

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...

The vulnerability of the QUIC protocol implementation in the Go programming language library quic-go, related to the unlimited distribution of resources, allows a attacker to cause service failures.

The vulnerability of the QUIC protocol implementation in the quic-go library written in the Go programming language is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

QUIC certificate check bypass with wolfSSL

libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems...

SUSE CVE-2024-2613

Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox 124...

golang: crypto/tls: panic when processing post-handshake message on QUIC connections

A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...

golang: crypto/tls: panic when processing post-handshake message on QUIC connections

A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...

The vulnerability in the implementation of the QUIC network protocol of Google Chrome allows a attacker to compromise the integrity of the protected information.

The vulnerability of Google Chrome’s QUIC protocol implementation is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information from a remote location...