CVE-2026-40170— ngtcp2 安全漏洞

ngtcp2 has a qlog transport parameter serialization stack buffer overflow

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

栈缓冲区溢出

ngtcp2 安全漏洞

ngtcp2是ngtcp2开源的一个库。 ngtcp2 1.22.1之前版本存在安全漏洞，该漏洞源于启用qlog时，ngtcp2_qlog_parameters_set_transport_params函数将传输参数序列化到固定大小的栈缓冲区时未进行边界检查，可能导致栈缓冲区溢出。

N/A

N/A