cvedb.io
CVE-2025-61684
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-01-19T16:15:53.423 · Last modified 2026-06-17T09:50:46.433

Summary

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e fixes the issue.

Affected products

h2o — quicly

Does this affect you?

Add your gear to cvedb and we'll alert you only when h2o ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.