Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Quic-go Project Subscribe
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30591 1 Quic-go Project 1 Quic-go 2022-07-13 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer. NOTE: the vendor's position is that this behavior should not be listed as a vulnerability on the CVE List.