GO-2026-4483 webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map in github.com/quic-go/webtransport-go

webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map in github.com/quic-go/webtransport-go...

CVE-2026-21438 webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

CVE-2026-21438 webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map

webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...

Incomplete Cleanup

Overview Affected versions of this package are vulnerable to Incomplete Cleanup due to the improper cleanup of the streams map. An attacker can cause unbounded memory consumption by repeatedly creating and closing a large number of streams, leading to resource exhaustion. Remediation Upgrade...