CVE-2026-10740

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L                                    

Vulnerability Description

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets.

To remediate this issue, users should upgrade to v1.8.2.

Vulnerability Details

Published Date

June 10, 2026

Last Modified

June 10, 2026

CWE ID

CWE-770

Source

NVD

Vendor

AWS

Product

s2n-quic

External References

https://aws.amazon.com/security/security-bulletins/2026-042-aws/
https://github.com/aws/s2n-quic/releases/tag/v1.82.0
https://github.com/aws/s2n-quic/security/advisories/GHSA-9q54-f358-3fqf

CVE-2026-10740

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment