Skip to content
The Nexus
SECURITYJul 10 · 11:47 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

An unpatched vulnerability in XQUIC, Alibaba's QUIC and HTTP/3 library, allows remote clients to crash servers using standard QPACK traffic. The flaw, dubbed XRING by FoxIO researcher Sébastien Féry, requires no authentication or malformed packets and remains unaddressed.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting