CVE-2026-10740

MEDIUM NVD

CVSS Score 5.3

Severity MEDIUM

Published Jun 10, 2026

Vendor unknown

Description

Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2.

References

https://aws.amazon.com/security/security-bulletins/2026-042-aws/
https://github.com/aws/s2n-quic/releases/tag/v1.82.0
https://github.com/aws/s2n-quic/security/advisories/GHSA-9q54-f358-3fqf