VYPR
Vendor

Ngtcp2

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2024-52811HigNov 25, 2024
    risk 0.46cvss 8.2epss 0.01

    The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added to skip `conn_recv_ack`…

  • CVE-2026-40170HigApr 16, 2026
    risk 0.42cvss 7.5epss 0.01

    ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send…