CVE-2026-10740

EUVD-2026-36103
Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets.



To remediate this issue, users should upgrade to v1.8.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://aws.amazon.com/security/security-bulletins/2026-042-aws/
https://github.com/aws/s2n-quic/releases/tag/v1.82.0
https://github.com/aws/s2n-quic/security/advisories/GHSA-9q54-f358-3fqf