6 matches found
UBUNTU-CVE-2026-40898
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...
CVE-2026-9114
Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: High...
[SECURITY] Fedora 44 Update: ngtcp2-1.22.1-1.fc44
"Call it TCP/2. One More Time." ngtcp2 project is an effort to implement RFC9000 QUIC protocol...
DEBIAN-CVE-2024-34161
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit MTU of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...