CNNVD-202602-2101 Information

CNNVD ID

CNNVD-202602-2101

Related CVE

CVE-2026-21435

• CNNVD Published: 2026-02-12

Description (Chinese)

webtransport-go是quic-go开源的一个Go语言库。 webtransport-go 0.10.0之前版本存在资源管理错误漏洞，该漏洞源于恶意对等方可能阻止或无限期延迟会话关闭，可能导致拒绝服务。

Description (English)

Webtransport-go is a Go language library of quic-go open source. The previous version of webtransport-go 0.10.0 contained a misdirection of resource management, which stemmed from a malicious peer that could prevent or indefinitely delay the closure of a session and could lead to the denial of services.

Vulnerability Type

资源管理错误

Affected Vendor

quic-go

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/quic-go/webtransport-go/releases/tag/v0.10.0 https://github.com/quic-go/webtransport-go/security/advisories/GHSA-px4r-g4p3-hhqv https://access.redhat.com/security/cve/cve-2026-21435

Patch

https://github.com/quic-go/webtransport-go/releases