Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

A single wrong variable on one line in XQUIC, Alibaba’s QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch.

FoxIO researcher SĂ©bastien FĂ©ry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed packets: about 260 bytes of ordinary QPACK traffic takes the server

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to

The Short Leash AI Coding Method for Beating Fable

The Short Leash AI Coding Method for Beating Fable Source: Hacker News

Attack Update: Top 5 Attack-IPs auf doode.info – 10.07.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 104.194.8.156 — 1007 requests (recent log) 89.167.35.212 — 351 requests (recent log) 216.244.66.232 — 105 requests (recent