VMTech
+381 11 4183 54024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

XRING in XQUIC: a flaw that can take down HTTP/3 servers without malicious packets

XRING in XQUIC: a flaw that can take down HTTP/3 servers without malicious packets

Colleagues, I’d like to draw attention to a cybersecurity case: XQUIC, Alibaba’s library for QUIC and HTTP/3, has an XRING vulnerability.

The mechanism is straightforward, yet dangerous: a remote client can crash the server with ordinary, legitimate QPACK traffic. No authentication or malicious packets are required.

All releases up to and including v1.9.4 are affected. At the time of publication, there is no fix or CVE.

A temporary mitigation is to disable the QPACK dynamic table or remove HTTP/3 altogether.

Why it matters: a single arithmetic error can lead to denial of service even without an overt attack.

Have you already checked your HTTP/3 services for risks like this?
#cybersecurity #HTTP3 #QUIC #vulnerability

Current metrics
11Views
1Reach
0Likes
0Comments
0Saved
0Shares

Latest comments

No comments yet.

Instagram

XRING in XQUIC: a flaw that can take down HTTP/3 servers without malicious packets

Open the post on Instagram ↗