12 matches found
EUVD-2025-23915
Malicious code in bioql PyPI...
CVE-2025-7054
Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...
CVE-2025-7054 Infinite loop triggered by connection ID retirement
Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRECONNECTIONID frames. QUIC connections possess a set of connection identifiers IDs; see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000section-5.1 . Once the QUIC...
CVE-2024-22189
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
Connection ID Exhaustion
github.com/quic-go/quic-go is vulnerable to a Connection ID exhaustion. The vulnerability is caused by an attacker manipulating of the round-trip time RTT estimate of the peer by sending a large number of NEWCONNECTIONID frames to exhaust the memory of the receiver, which allows an attacker to...
GHSA-C33X-XQRF-C478 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
An attacker can cause its peer to run out of memory by sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRECONNECTIONID frame. The attacker can prevent the receiver from sending out the vast...
quiche vulnerable to unbounded storage of information related to connection ID retirement
Impact Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers IDs; see RFC 9000 Section 5.1. Endpoints declare the...
CVE-2024-1410
Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers IDs; see RFC 9000 Section 5.1...
Design/Logic Flaw
Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers IDs; see RFC 9000 Section 5.1...
CVE-2024-1410 Unbounded storage of information related to connection ID retirement, in quiche
Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers IDs; see RFC 9000 Section 5.1...
CVE-2024-1410 Unbounded storage of information related to connection ID retirement, in quiche
Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers IDs; see RFC 9000 Section 5.1...