| CVE-2026-40898 |
unknown |
— |
— |
|
|
|
11h ago |
quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion |
| CVE-2025-64702 |
unknown |
— |
— |
|
|
|
6mo ago |
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending … |
| CVE-2025-59530 |
unknown |
— |
— |
|
|
|
8mo ago |
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go c… |
| CVE-2025-29785 |
unknown |
— |
— |
|
|
|
1y ago |
quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a mal… |
| CVE-2024-53259 |
unknown |
— |
— |
|
|
|
2y ago |
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then re… |
| CVE-2024-22189 |
unknown |
— |
— |
|
|
|
2y ago |
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire … |
| CVE-2023-49295 |
unknown |
— |
— |
|
|
|
2y ago |
quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiv… |
| CVE-2023-46239 |
unknown |
— |
— |
|
|
|
3y ago |
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handsh… |
