By vendor

Quic-Go_project vulnerabilities

Known CVEs affecting Quic-Go_project products, prioritized by severity, with SEC.co remediation and detection guidance.

1 published vulnerability

  • CVE-2026-40898MEDIUM 5.3

    quic-go, a Go-based QUIC protocol library, contains a denial-of-service flaw in its HTTP/3 implementation that allows remote attackers to exhaust server and client memory by sending malicious HTTP trailer fields. The vulnerability stems from inadequate validation of decoded trailer sizes—the library checks the compressed frame size but fails to enforce limits on the decompressed result. An attacker can craft QPACK-encoded headers with numerous unique field names or oversized values in the trailer section, forcing unbounded memory allocation and potentially crashing affected services.