Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago8 views

libcurl 8.18.0 < 8.21.0 QUIC UDP Denial of Service (CVE-2026-11352)

The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client...

7.5CVSS6.4AI score0.0101EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.10 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the udpreceive process. An attacker can cause the client to enter a busy-loop and become unresponsive by continuously sending zero-length UDP datagrams from a malicious HTTP/3 server. Remediation Upgrade libcurl to...

8.7CVSS6.2AI score0.0101EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/03 6:12 a.m.46 views

CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

0.0101EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:12 a.m.30 views

CVE-2026-11352

The CVE-2026-11352 issue affects curl/libcurl: a bug in the QUIC UDP receive path discards zero-length UDP datagrams instead of counting them toward the per-call budget, enabling a connected HTTP/3 peer to continuously send empty datagrams and cause a remote denial-of-service against curl or libc...

7.5CVSS6.7AI score0.0101EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.18 views

Curl 8.18.0 < 8.21.0 QUIC Zero-Length UDP Datagrams DoS

The version of curl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by a denial of service vulnerability: - An issue in curl's QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service by continuously streaming empty...

7.5CVSS6.3AI score0.0101EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 8:0 a.m.9 views

CURL-CVE-2026-11352 QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS5.9AI score0.0101EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.9 views

QUIC zero-length UDP datagrams busy-loop

An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can...

7.5CVSS5.9AI score0.0101EPSS
Exploits1References1Affected Software2
Hacker One
Hacker One
added 2026/06/05 3:50 a.m.7 views

curl: CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop

Summary: curl's QUIC UDP receive helper ignores zero-length UDP datagrams before counting them against the per-call packet budget. On Linux, recvmmsgpackets loops while pkts maxpkts, but if!mmsgi.msglen continue; runs before pkts is incremented. The recvmsgpackets backend has the same no-progress...

7.5CVSS5.9AI score0.0101EPSS
Exploits1
Rows per page
Query Builder