Dossier
XQUIC
Coverage of XQUIC in the Nexus archive.
- Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
An unpatched vulnerability in XQUIC, Alibaba's QUIC and HTTP/3 library, allows remote clients to crash servers using standard QPACK traffic. The flaw, dubbed XRING by FoxIO researcher Sébastien Féry, requires no authentication or malformed packets and remains unaddressed.