Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

A single wrong variable on one line in XQUIC, Alibaba’s QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch.

FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed packets: about 260 bytes of ordinary QPACK traffic takes the server

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi

Project Valhalla, Explained: How a Decade of Work Arrives in JDK 28

Project Valhalla, Explained: How a Decade of Work Arrives in JDK 28 Source: Hacker News

Attack Update: Top 5 Attack-IPs auf doode.info – 20.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. Keine relevanten IPs erfasst (ruhig oder stark gefiltert). Mehr Live-Daten und die komplette Historie im /attacks/ Watchtower-Bereich