Skip to main content

S2N Quic

1 CVEs product

Monthly

CVE-2026-10740 MEDIUM PATCH This Month

Unbounded memory allocation in the CRYPTO frame reassembler of AWS s2n-quic (all versions before v1.82.0) enables unauthenticated remote actors to degrade service availability by sending crafted QUIC Initial packets. Because QUIC Initial packets are processed prior to handshake completion, no session establishment or authentication is required to trigger the condition. No public exploit code or active exploitation has been identified at time of analysis, but the low-complexity, zero-authentication attack path makes this straightforwardly reachable on any exposed s2n-quic endpoint.

Denial Of Service S2N Quic
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unbounded memory allocation in the CRYPTO frame reassembler of AWS s2n-quic (all versions before v1.82.0) enables unauthenticated remote actors to degrade service availability by sending crafted QUIC Initial packets. Because QUIC Initial packets are processed prior to handshake completion, no session establishment or authentication is required to trigger the condition. No public exploit code or active exploitation has been identified at time of analysis, but the low-complexity, zero-authentication attack path makes this straightforwardly reachable on any exposed s2n-quic endpoint.

Denial Of Service S2N Quic
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy