CyberSecurity News
Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers
AI summary
A vulnerability in XQUIC, Alibaba's QUIC and HTTP/3 library, allows remote clients to crash HTTP/3 servers with a small amount of normal traffic. The issue, dubbed XRING, was disclosed by FoxIO researcher Sébastien Féry on July 8. It can be triggered by sending about 260 bytes of ordinary QPACK traffic, without requiring login or malformed packets. The flaw is due to a single incorrect variable on one line of code in XQUIC. Currently, there is no patch available for this vulnerability.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

