CNNVD-202512-2077 Information

CNNVD ID

CNNVD-202512-2077

Related CVE

CVE-2025-64702

• CNNVD Published: 2025-12-11

Description (Chinese)

quic-go是Lucas Clemente个人开发者的一种 QUIC 协议、RFC 9000协议在 Go 中的实现。 quic-go 0.56.0及之前版本存在安全漏洞，该漏洞源于未对解码后的标头实施限制，可能导致内存耗尽。

Description (English)

Quic-go is a QUIC protocol for Lucas Clemente’s personal developers, and the RFC 9000 agreement is implemented in Go. Quic-go 0.56.0 and earlier versions had a security loophole, which stemmed from the lack of restrictions on decoded markers and could lead to the depletion of memory.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8 https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6

Patch

https://github.com/quic-go/quic-go/releases