Summary
Cloudflare Quiche: Use-after-free in connection ID iterator FFI functions
Advisory details
Impact
Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions.
The quiche_connection_id_iter_next and quiche_conn_retired_scid_next functions would return a pointer to a ConnectionId to the applications via function arguments, but the the owned ConnectionId would be dropped at the end of those functions' scope.
Only applications using those FFI functions are affected. The FFI API is disabled by default by a build-time feature flag.
quiche 0.29.2 is the earliest version containing the fix for this issue.
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-6v7p-g79w-8964
MessagePack for Python (the `msgpack` package) has an out-of-bounds read in versions up to and including 1.2.0. If an `Unpacker` is reused after it has raised and caught an error, it can read out of bounds and crash the process with a segmentation fault. Code that streams untrusted MessagePack through a single long-lived `Unpacker` can therefore be crashed on demand, a denial-of-service risk.
- HIGHCVE-2026-52801
Gogs has the ability to import local repositories via Mirror Settings
- HIGHCVE-2026-52800
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
- HIGHCVE-2026-52799
Gogs Missing Authorization in Attachment Download
- HIGHCVE-2026-52798
Gogs has Stored XSS in `.ipynb` Preview
- MEDIUMCVE-2026-50179
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields