CVE-2025-64702
- EPSS 0.06%
- Published 11.12.2025 20:58:10
- Last modified 17.02.2026 15:58:28
quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a l...
CVE-2024-22189
- EPSS 0.07%
- Published 04.04.2024 15:15:37
- Last modified 21.11.2024 08:55:45
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory by sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to res...
CVE-2023-49295
- EPSS 1.44%
- Published 10.01.2024 22:15:50
- Last modified 21.11.2024 08:33:12
quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory by sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE fr...
CVE-2023-46239
- EPSS 0.43%
- Published 31.10.2023 16:15:09
- Last modified 21.11.2024 08:28:08
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dere...
CVE-2022-30591
- EPSS 11.86%
- Published 06.07.2022 12:15:08
- Last modified 21.11.2024 07:02:59
quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and ...