Browse all 10 CVE security advisories affecting quic-go. AI-powered Chinese analysis, POCs, and references for each vulnerability.
QUIC-Go is a Go implementation of the QUIC protocol, primarily used for building high-performance, low-latency network applications. Historically, it has been susceptible to remote code execution, denial-of-service, and information disclosure vulnerabilities, often stemming from improper input validation and memory corruption issues. The project maintains a moderate security posture with 10 CVEs recorded, addressing issues like buffer overflows and protocol parsing flaws. While no major public incidents have been documented, the project's active development and regular updates suggest ongoing efforts to mitigate potential risks, making it a viable but security-conscious choice for developers implementing QUIC-based solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64702 | quic-go HTTP/3 QPACK Header Expansion DoS — quic-goCWE-770 | 5.3 | Medium | 2025-12-11 |
| CVE-2025-59530 | quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame — quic-goCWE-617 | 7.5 | High | 2025-10-10 |
| CVE-2025-29785 | quic-go Has Panic in Path Probe Loss Recovery Handling — quic-goCWE-248 | 7.5 | High | 2025-06-02 |
| CVE-2024-53259 | quic-go affected by an ICMP Packet Too Large Injection Attack on Linux — quic-goCWE-345 | 6.5 | Medium | 2024-12-02 |
| CVE-2024-22189 | QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack — quic-goCWE-770 | 7.5 | High | 2024-04-04 |
| CVE-2023-49295 | quic-go's path validation mechanism can cause denial of service — quic-goCWE-400 | 6.4 | Medium | 2024-01-10 |
| CVE-2023-46239 | quic-go vulnerable to pointer dereference that can lead to panic — quic-goCWE-248 | 7.5 | High | 2023-10-31 |
This page lists every published CVE security advisory associated with quic-go. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.