Lucene search
+L

26 matches found

NVD
NVD
added yesterday5 views

CVE-2026-44436

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, Quicly is vulnerable to a Denial of Service attack through connection state corruption. In QUIC Invariants, the maximum length of a Connection ID is 255 bytes, while QUIC...

7.5CVSS0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday27 views

CVE-2026-44436 Quicly is vulnerable to connection state corruption

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 8b178e6, Quicly is vulnerable to a Denial of Service attack through connection state corruption. In QUIC Invariants, the maximum length of a Connection ID is 255 bytes, while QUIC...

7.5CVSS0.00052EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-44436

Quicly (QUIC implementation used with H2O) is vulnerable to a Denial of Service due to connection state corruption caused by a 255-byte Connection ID handling in the decoder, while QUIC version 1 requires a 20-byte CID buffer. The library lacked enforcement for 20-byte CIDs, allowing mismatched I...

7.5CVSS6AI score0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday29 views

CVE-2026-44435 Quicly: Remote Denial of Service via assertion failure when CRYPTO stream handshake data exceeds 32KB

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 937d0e9, an assertion failure is raised when the total number of valid handshake messages received over a CRYPTO stream of a single packet number space exceeds 32KB, causing a...

7.5CVSS0.00052EPSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-44435

CVE-2026-44435 : Quicly (QUIC protocol implementation used with H2O) contains an assertion failure that triggers a Denial of Service when the total number of valid handshake messages over a CRYPTO stream within a single packet number space exceeds 32KB. The issue is fixed by commit 937d0e9. Affec...

7.5CVSS6AI score0.00052EPSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-44434

Quicly (QUIC protocol implementation used with H2O HTTP server) was vulnerable to stateless reset injection before commit dccf5d4 due to lack of packet entry validation, allowing an on-path attacker to reset QUIC connections by exploiting zero-initialized secret-pattern slots. The issue has been ...

5.3CVSS6AI score0.00051EPSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-44433

CVE-2026-44433 affects the Quicly QUIC protocol implementation used with the H2O HTTP server. Prior to commit 8b178e6, an adversarial peer could send a STREAM frame carrying only a single byte at the largest permitted offset to obtain additional flow control credit, potentially causing memory exh...

5.3CVSS6AI score0.00051EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/20 3:28 p.m.14 views

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS5.6AI score0.00332EPSS
Exploits0References1
NVD
NVD
added 2026/01/19 4:15 p.m.7 views

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS0.00332EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/19 3:18 p.m.26 views

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS0.00332EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/19 3:18 p.m.4 views

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS5.6AI score0.00332EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/19 3:18 p.m.6 views

EUVD-2025-206302

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS5.6AI score0.00332EPSS
Exploits0References2
CVE
CVE
added 2026/01/19 3:18 p.m.21 views

CVE-2025-61684

CVE-2025-61684 affects Quicly, an IETF QUIC protocol implementation. The vulnerability is a denial-of-service caused by an assertion failure that crashes the process, exploitable before commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. The issue is mitigated by the mentioned commit which fixes the...

7.5CVSS5.6AI score0.00332EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/19 3:18 p.m.5 views

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS5.5AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2026/01/19 3:18 p.m.6 views

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS5.6AI score0.00332EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.6 views

Quicly input validation error vulnerability

Quicly is an implementation of the IETF QUIC protocol developed by H2O OpenSource. Previous versions of Quicly had a vulnerability related to input validation errors. This vulnerability allowed remote attackers to exploit these errors to trigger assertion failures, potentially causing processes...

7.5CVSS5.8AI score0.00332EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.10 views

PT-2026-3445

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

7.5CVSS5.6AI score0.00332EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-41457

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00561EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 3:40 a.m.14 views

CVE-2024-45396

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...

7.5CVSS7AI score0.00561EPSS
Exploits0
NVD
NVD
added 2024/10/11 3:15 p.m.12 views

CVE-2024-45396

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...

7.5CVSS0.00561EPSS
Exploits0References2
Rows per page
Query Builder