CVE-2026-10740 Excessive memory allocation in s2n-quic

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service degraded availability by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2...

CVE-2026-10740

CVE-2026-10740 affects s2n-quic prior to version 1.8.2, where an unbounded memory allocation in the CRYPTO frame reassembler can allow an unauthenticated remote actor to trigger a denial of service (degraded availability) by sending crafted QUIC Initial packets. The vulnerability is triggered dur...

s2n-quic 安全漏洞

s2n-quic is a high-performance QUIC protocol implementation library open source by Amazon Web Services. Versions of s2n-quic prior to 1.8.2 contained security vulnerabilities. These vulnerabilities stemmed from unbounded memory allocation in theCRYPTO frame reassembler, which could allow...

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-4428 via aws-lc-sys (=0.21.0)

aws-lc-sys CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-lc-sys and may be impacted: - jsonwebtoken-aws-lc =9.3.0 - jwts =0.5.0, =0.102.6, =0.20.0, =0.31.0 Source cves: CVE-2026-4428 Source advisory: OSV:GHSA-9F94-5G5W-GF6R...

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-4428 via aws-lc-sys (=0.21.0)

aws-lc-sys CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-lc-sys and may be impacted: - jsonwebtoken-aws-lc =9.3.0 - jwts =0.5.0, =0.102.6, =0.20.0, =0.31.0 Source cves: CVE-2026-4428 Source advisory: OSV:RUSTSEC-2026-0048...

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-3337 via aws-lc-sys (>=0.14.1 <=0.21.0)

aws-lc-sys CARGO version =0.14.1, =0.5.0, =0.102.2, =0.20.0, =0.31.0 Source cves: CVE-2026-3337 Source advisory: OSV:GHSA-65P9-R9H6-22VJ...

msgtrans (>=0.1.0 <=0.1.6), s2n-quic (>=1.18.0 <=1.37.0) +3 more potentially affected by unknown CVE via s2n-tls (>=0.0.10 <=0.3.1)

s2n-tls CARGO version =0.0.10, =0.1.0, =1.18.0, =0.18.2, =0.18.2, =0.0.6, =0.3.1 Source cves: unknown CVE Source advisory: OSV:GHSA-RP9H-RF7G-HWGR...

msgtrans (>=0.1.0 <=0.1.6), s2n-quic (>=1.18.0 <=1.37.0) +3 more potentially affected by unknown CVE via s2n-tls (>=0.0.10 <=0.2.9)

s2n-tls CARGO version =0.0.10, =0.1.0, =1.18.0, =0.18.2, =0.18.2, =0.0.6, =0.2.11 Source cves: unknown CVE Source advisory: OSV:GHSA-857Q-XMPH-P2V5...

s2n-quic potential denial of service via crafted stream frames

Impact An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: = v1.30.0. Patches The patch is included in v1.31.0 1. Workarounds There is no workaround. Applications using s2n-quic should upgrade to the most recen...

GHSA-475V-PQ2G-FP9G s2n-quic potential denial of service via crafted stream frames

Impact An issue in s2n-quic could result in unnecessary resource utilization when peers open streams beyond advertised limits. Impacted versions: = v1.30.0. Patches The patch is included in v1.31.0 1. Workarounds There is no workaround. Applications using s2n-quic should upgrade to the most recen...

PT-2023-32973 · Amazon · S2N-Quic

Name of the Vulnerable Software and Affected Versions: s2n-quic versions prior to 1.31.0 Description: The issue in s2n-quic results in unnecessary resource utilization when peers open streams beyond advertised limits. Recommendations: For versions prior to 1.31.0, upgrade to version 1.31.0 or lat...

GHSA-RFHG-RJFP-9Q8Q Potential denial of service after connection migration

Impact An issue in s2n-quic results in the endpoint shutting down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected by this issue, and customers of AWS services do not need to take action. Impacted...

Potential denial of service after connection migration

Impact An issue in s2n-quic results in the endpoint shutting down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected by this issue, and customers of AWS services do not need to take action. Impacted...

PT-2023-33059 · Amazon · S2N-Quic

Name of the Vulnerable Software and Affected Versions: s2n-quic versions =v1.24.0 Description: The issue in s2n-quic causes the endpoint to shut down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected, an...

GHSA-HXQ4-MX37-FQVG s2n-quic potential denial of service vulnerability when receiving empty UDP packets

Impact An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection. No AWS services are affected by this issue and customers of AWS services do not need to take action. Applications using s2n-quic should upgrade their application to the most rece...

s2n-quic potential denial of service vulnerability when receiving empty UDP packets

Impact An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection. No AWS services are affected by this issue and customers of AWS services do not need to take action. Applications using s2n-quic should upgrade their application to the most rece...

PT-2023-33031 · Amazon · S2N-Quic

Name of the Vulnerable Software and Affected Versions: s2n-quic version 1.22.0 Description: An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection. No AWS services are affected, and customers of AWS services do not need to take action...