VYPR

apk package

chainguard/quiche

pkg:apk/chainguard/quiche

Vulnerabilities (2)

  • CVE-2026-25727Feb 6, 2026
    affected < 0.25.0-r0fixed 0.25.0-r0

    time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used

  • CVE-2025-7054Aug 7, 2025
    affected < 0.24.5-r0fixed 0.24.5-r0

    Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5