Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

quic-go — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting quic-go. AI-powered Chinese analysis, POCs, and references for each vulnerability.

QUIC-Go is a Go implementation of the QUIC protocol, primarily used for building high-performance, low-latency network applications. Historically, it has been susceptible to remote code execution, denial-of-service, and information disclosure vulnerabilities, often stemming from improper input validation and memory corruption issues. The project maintains a moderate security posture with 10 CVEs recorded, addressing issues like buffer overflows and protocol parsing flaws. While no major public incidents have been documented, the project's active development and regular updates suggest ongoing efforts to mitigate potential risks, making it a viable but security-conscious choice for developers implementing QUIC-based solutions.

Top products by quic-go: quic-go webtransport-go
CVE IDTitleCVSSSeverityPublished
CVE-2026-21438 webtransport-go affected by a Memory Exhaustion Attack due to Missing Cleanup of Streams Map — webtransport-goCWE-401 5.3 Medium2026-02-12
CVE-2026-21435 webtransport-go CloseWithError can block indefinitely — webtransport-goCWE-400 5.3 Medium2026-02-12
CVE-2026-21434 webtransport-go affected by Memory Exhaustion Attack due to Missing Length Check in WT_CLOSE_SESSION Capsule — webtransport-goCWE-770 5.3 Medium2026-02-12
CVE-2025-64702 quic-go HTTP/3 QPACK Header Expansion DoS — quic-goCWE-770 5.3 Medium2025-12-11
CVE-2025-59530 quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame — quic-goCWE-617 7.5 High2025-10-10
CVE-2025-29785 quic-go Has Panic in Path Probe Loss Recovery Handling — quic-goCWE-248 7.5 High2025-06-02
CVE-2024-53259 quic-go affected by an ICMP Packet Too Large Injection Attack on Linux — quic-goCWE-345 6.5 Medium2024-12-02
CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack — quic-goCWE-770 7.5 High2024-04-04
CVE-2023-49295 quic-go's path validation mechanism can cause denial of service — quic-goCWE-400 6.4 Medium2024-01-10
CVE-2023-46239 quic-go vulnerable to pointer dereference that can lead to panic — quic-goCWE-248 7.5 High2023-10-31

This page lists every published CVE security advisory associated with quic-go. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.