A single wrong variable on one line in XQUIC, Alibaba’s QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on… Read More "Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers"