Quicly Denial-of-Service Vulnerability via Assertion Failures
Vulnerability
A denial-of-service vulnerability has been identified in Quicly, an IETF QUIC protocol implementation, affecting versions prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. The issue arises from improper handling of invalid QUIC frames: a remote attacker can send frames that trigger assertion failures, which abort the process using Quicly. Because one process typically serves many QUIC connections, a single malformed frame on one connection takes down every connection that process handles, leading to a denial-of-service condition.
Impact
Exploitation of this vulnerability causes assertion failures that crash the process using Quicly, disrupting all QUIC connections served by that process. This is a remotely triggerable denial of service: no authentication is needed beyond the ability to send QUIC packets to the affected process.
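The following is an added example written for this page; it is not Quicly's code and does not reproduce the actual Quicly defect. It shows the general pattern behind this class of bug: a frame decoder that uses assert() to "check" peer-controlled fields aborts the whole process on the first malformed frame, whereas a decoder that validates input with ordinary branches and returns an error lets the caller close only the offending connection. The frame layout (1-byte type, 1-byte payload length, payload), the function names (decode_frame_asserting, decode_frame_checked, handle_datagram, connections_open) and the sample datagrams are all constructed for the demonstration.

```c
/* Added example, not Quicly's code: assert() on peer input versus proper validation.
 * Toy frame format (constructed for this demo): type(1 byte) | payload_len(1 byte) | payload. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FRAME_TYPE_PADDING 0x00
#define FRAME_TYPE_PING    0x01
#define FRAME_TYPE_DATA    0x02

enum decode_status { DECODE_OK = 0, DECODE_ERR_TRUNCATED = -1, DECODE_ERR_UNKNOWN_TYPE = -2 };

struct frame {
    uint8_t type;
    size_t payload_len;
    const uint8_t *payload;
};

struct connection {
    int id;
    int open;
};

/* Vulnerable pattern (hypothetical): the decoder uses assert() on fields the peer controls.
 * With assertions enabled, a short datagram or an oversized length byte aborts the entire
 * process, and every connection it serves; with NDEBUG the check vanishes and the read runs
 * past the buffer. Either way the remote peer decides whether the process survives. */
size_t decode_frame_asserting(const uint8_t *buf, size_t len, struct frame *out)
{
    assert(len >= 2);                     /* peer-controlled: too-short datagram aborts */
    out->type = buf[0];
    out->payload_len = buf[1];
    assert(out->payload_len <= len - 2);  /* peer-controlled: crafted length aborts */
    out->payload = buf + 2;
    return 2 + out->payload_len;
}

/* Hardened pattern: every property of untrusted input is checked with a normal branch that
 * reports an error to the caller. assert() remains only for invariants the program itself
 * maintains (here: the caller supplied output pointers), never for data off the wire. */
int decode_frame_checked(const uint8_t *buf, size_t len, struct frame *out, size_t *consumed)
{
    assert(out != NULL && consumed != NULL);  /* programmer invariant, not peer data */
    if (len < 2)
        return DECODE_ERR_TRUNCATED;
    uint8_t type = buf[0];
    size_t payload_len = buf[1];
    if (type != FRAME_TYPE_PADDING && type != FRAME_TYPE_PING && type != FRAME_TYPE_DATA)
        return DECODE_ERR_UNKNOWN_TYPE;
    if (payload_len > len - 2)
        return DECODE_ERR_TRUNCATED;
    out->type = type;
    out->payload_len = payload_len;
    out->payload = buf + 2;
    *consumed = 2 + payload_len;
    return DECODE_OK;
}

/* Per-connection handling built on the checked decoder. Returns the number of frames decoded,
 * or -1 when a protocol violation closed this connection. Other connections in the same
 * process are unaffected, which is the property the asserting decoder cannot provide. */
int handle_datagram(struct connection *c, const uint8_t *buf, size_t len)
{
    int nframes = 0;
    size_t off = 0;
    while (off < len) {
        struct frame f;
        size_t used;
        if (decode_frame_checked(buf + off, len - off, &f, &used) != DECODE_OK) {
            c->open = 0;  /* close only this connection; the process keeps serving the rest */
            return -1;
        }
        off += used;
        nframes++;
    }
    return nframes;
}

/* Count the connections still open in a process after a batch of datagrams. */
int connections_open(const struct connection *conns, size_t n)
{
    int open = 0;
    for (size_t i = 0; i < n; i++)
        open += conns[i].open ? 1 : 0;
    return open;
}

int main(void)
{
    /* Constructed datagrams: one well-formed (PING + 3-byte DATA), one with a length byte
     * larger than the remaining bytes. */
    const uint8_t good[] = {0x01, 0x00, 0x02, 0x03, 'a', 'b', 'c'};
    const uint8_t bad[]  = {0x02, 0xff};
    struct connection conns[3] = {{1, 1}, {2, 1}, {3, 1}};

    printf("conn 1: %d frames\n", handle_datagram(&conns[0], good, sizeof good));
    printf("conn 2: %d (closed on malformed frame)\n", handle_datagram(&conns[1], bad, sizeof bad));
    printf("connections still open in this process: %d of 3\n", connections_open(conns, 3));
    /* decode_frame_asserting(bad, sizeof bad, ...) would abort() here and end all three. */
    return 0;
}
```

The rule this illustrates: assertions document invariants the code guarantees about itself; anything that arrives from the network is validated and rejected with an error, so a hostile peer can at most lose its own connection.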
Remediation
Update to Quicly version 0.9.0 or later, which contains the fix (commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e noted above). Applications that vendor Quicly should rebuild against the patched source, since the fix is in the library itself.
