CNNVD-202601-3048 Information

CNNVD ID

CNNVD-202601-3048

Related CVE

CVE-2025-61684

• CNNVD Published: 2026-01-19

Description (Chinese)

quicly是H2O开源的一个 IETF QUIC 协议的实现。 quicly d9d3df6a8530a102b57d840e39b0311ce5c9e14e之前版本存在输入验证错误漏洞，该漏洞源于远程攻击者可利用这些错误触发断言失败，可能导致使用Quicly的进程崩溃。

Description (English)

Quicly is an IETF QUIC protocol from an open source of H2O. Quicly d9d3df6a8530a102a57d840e39b0311ce5c9e14e has a pre-version of input authentication error, which stems from the fact that remote assailants can use these errors to trigger an assertion of failure and could lead to the collapse of the process using Quicly.

Hazard Level

Medium

Vulnerability Type

输入验证错误

Affected Vendor

H2O

Published

2026-01-19

Last Modified

2026-02-24

References

https://github.com/h2o/quicly/commit/d9d3df6a8530a102b57d840e39b0311ce5c9e14e https://github.com/h2o/quicly/security/advisories/GHSA-wr3c-345m-43v9

Patch

https://github.com/h2o/quicly