CVE-2026-35579

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

The vulnerability of the QUIC protocol implementation in the Go programming language library quic-go, related to the unlimited distribution of resources, allows a attacker to cause service failures.

The vulnerability of the QUIC protocol implementation in the quic-go library written in the Go programming language is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

SUSE CVE-2024-2613

Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox 124...

The vulnerability in the implementation of the QUIC network protocol of Google Chrome allows a attacker to compromise the integrity of the protected information.

The vulnerability of Google Chrome’s QUIC protocol implementation is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected information from a remote location...