CVE-2026-40211
MediumCVSS 5.3Summary
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service.
Risk Assessment
The risk is a potential DoS attack via memory exhaustion, which can disrupt DNS services and impact the availability of the entire network infrastructure.
Recommendation
It is recommended to limit the number of concurrent DoH3 streams and apply memory limits for QUIC connections. Also consider updating the software once a patch is available.
Original NVD description (English source)
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service.

