Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

Debian DSA-6222-1 ngtcp2 Important Buffer Overflow CVE-2026-40170

debian
Calendar Grey April 21, 2026
Debian Logo
Critical buffer overflow in ngtcp2 library patched in recent Debian updates for oldstable and stable releases.
Zou Dikai discovered a buffer overflow in ngtcp2, a QUIC protocol library

Summary

For the oldstable distribution (bookworm), this problem has been fixed
in version 0.12.1+dfsg-1+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 1.11.0-1+deb13u1.

We recommend that you upgrade your ngtcp2 packages.

For the detailed security status of ngtcp2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ngtcp2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
important
Lowest
Low
Medium
High
Critical

Package: ngtcp2
CVE ID: CVE-2026-40170

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.