SECURITYTHE HACKER NEWS
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
An unpatched vulnerability in XQUIC, Alibaba's QUIC and HTTP/3 library, allows remote clients to crash servers using standard QPACK traffic. The flaw, dubbed XRING by FoxIO researcher Sébastien Féry, requires no authentication or malformed packets and remains unaddressed.
Mentioned
Related Signal