CVE Catalog

CVE-2026-10740

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

11th percentile — higher than 11% of all known CVEs

Summary

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before version 1.8.2 may allow an unauthenticated remote actor to cause a denial of service by sending crafted QUIC Initial packets.

Risk Assessment

The organization may experience degraded availability of services, leading to disruptions in system operations.

Recommendation

It is recommended to upgrade to version 1.8.2 to remediate this vulnerability.

Original NVD description (English source)

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS