Denial of Service Vulnerability in s2n-quic by AWS
CVE-2026-10740
6.9MEDIUM
What is CVE-2026-10740?
The unbounded memory allocation issue in the CRYPTO frame reassembler of AWS's s2n-quic prior to version 1.8.2 can allow an unauthenticated remote actor to exploit this vulnerability, causing a denial of service by sending specifically crafted QUIC Initial packets. This could potentially lead to degraded availability of the application, impacting users and services. It is highly recommended for users to upgrade to version 1.8.2 to mitigate the risk.
Affected Version(s)
s2n-quic 0 <= 1.8.1
