VYPR

rpm package

opensuse/ngtcp2&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ngtcp2&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2026-40170 | High | Apr 16, 2026
    affected < 1.22.1-1.1 | fixed 1.22.1-1.1

    ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send suffic

  • CVE-2024-52811 | High | Nov 25, 2024
    affected < 1.10.0-1.1 | fixed 1.10.0-1.1

    The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added to skip `conn_recv_ack`