151 matches found
Astra Linux - уязвимость в firefox, thunderbird
A website configured to initiate a specially crafted WebTransport session could cause the Firefox process to crash, resulting in a denial-of-service condition. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...
Astra Linux - уязвимость в chromium
In Google Chrome, operations outside the bounds were allowed before 127.0.6533.88; this enabled a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в thunderbird, firefox
It was possible to cause a use-after-free in the content processing side of a WebTransport connection, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
Astra Linux - уязвимость в chromium
The use of after-free in WebTransport in Google Chrome before version 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-21434
webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...
SUSE CVE-2026-21435
webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...
SUSE CVE-2026-21438
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...
Centrifugo v6.6.0 dependency vulnerabilities
Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...
GHSA-J9WF-6R2X-HQMX Centrifugo v6.6.0 dependency vulnerabilities
Summary Centrifugo v6.6.0 binary is compiled with Go 1.25.5 and statically links github.com/quic-go/webtransport-go v0.9.0, having 7 known CVEs Go standard library — compiled with Go 1.25.5: | CVE | Severity | CVSS | Fixed In | |-----|----------|------|----------| | CVE-2025-68121 | CRITICAL | 10...
GO-2026-4485 webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule in github.com/quic-go/webtransport-go
webtransport-go: Memory Exhaustion Attack due to Missing Length Check in WTCLOSESESSION Capsule in github.com/quic-go/webtransport-go...
GO-2026-4483 webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map in github.com/quic-go/webtransport-go
webtransport-go: Memory Exhaustion Attack due to Missing Cleanup of Streams Map in github.com/quic-go/webtransport-go...
GO-2026-4488 webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go
webtransport-go: CloseWithError can block indefinitely in github.com/quic-go/webtransport-go...
CVE-2026-21435
webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...
CVE-2026-21438
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...
CVE-2026-21434
webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...
CVE-2026-21438
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...
CVE-2026-21434
webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WTCLOSESESSION capsule containing an excessively large Application Error Message. The implementation...
CVE-2026-21435
webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...
CVE-2026-21438
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...
CVE-2026-21438 webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session map, preventing garbage collection of their...