CVE-2026-21438
- EPSS 0.02%
- Veröffentlicht 12.02.2026 18:25:34
- Zuletzt bearbeitet 19.02.2026 22:50:30
webtransport-go is an implementation of the WebTransport protocol. Prior to 0.10.0, an attacker can cause unbounded memory consumption repeatedly creating and closing many WebTransport streams. Closed streams were not removed from an internal session...
CVE-2026-21435
- EPSS 0.02%
- Veröffentlicht 12.02.2026 18:22:58
- Zuletzt bearbeitet 19.02.2026 22:51:49
webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC ...
CVE-2026-21434
- EPSS 0.02%
- Veröffentlicht 12.02.2026 18:18:04
- Zuletzt bearbeitet 19.02.2026 22:53:24
webtransport-go is an implementation of the WebTransport protocol. From 0.3.0 to 0.9.0, an attacker can cause excessive memory consumption in webtransport-go's session implementation by sending a WT_CLOSE_SESSION capsule containing an excessively lar...