Quic-go Project Quic-go — known CVE vulnerabilities
Every CVE whose affected-product data names Quic-go Project Quic-go, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-30591 — CVSS 7.5 (high): quic-go through 0.27.0 allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete…
CVE-2023-46239 — CVSS 7.5 (high): quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK…
CVE-2023-49295 — CVSS 6.4 (medium): quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory…
CVE-2025-64702 — CVSS 5.3 (medium): quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through…
CVE-2026-40898 — CVSS 5.3 (medium): quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in…