GHSA-9fw6-xgg2-mq9q: Hysteria: A specially constructed quic package can crash the server OOM when the sniff is enabled

May 5, 2026

A specially constructed quic package can crash the server OOM when the sniff is enabled.

References

github.com/advisories/GHSA-9fw6-xgg2-mq9q
github.com/apernet/hysteria
github.com/apernet/hysteria/security/advisories/GHSA-9fw6-xgg2-mq9q

Code Behaviors & Features

Detect and mitigate GHSA-9fw6-xgg2-mq9q with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →