quiche (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package quiche, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2025-7054 — CVSS 6.5 (medium): Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC…
CVE-2024-1765 — CVSS 5.9 (medium): Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of…
CVE-2026-11941 — CVSS 5.6 (medium): Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_…
CVE-2023-6193 — CVSS 5.3 (medium): quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to…
CVE-2024-1410 — CVSS 3.7 (low): Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead…