ngtcp2
Security Risk Profile
Security Risk Score: 46/100 (medium)
Comprehensive risk assessment based on 3 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
Data spans from November 25, 2024 to present
Total CVEs: 3
Critical+High: 2
Exploited: 0
Unpatched: 1
Threat Assessment
Avg CVSS: 7.9 (Base severity)
Avg EPSS: 0% (Exploit probability)
Unpatched: 1 (Critical/High)
Risk Level: 46/100 (medium)
Severity Distribution
Critical: 0
High: 2
Medium: 0
Low: 0
Exploit Likelihood
>50% chance: 0
20-50%: 0
5-20%: 0
<5%: 0
Age Distribution
Common Weaknesses (CWE)
1. Buffer Overflow: 2
Most Affected Products
1. ngtcp2 ngtcp2: 3
2. nghttp2 Ngtcp2: 1
3. debian/ngtcp2: 1
Recent Vulnerabilities
https://seclists.org/oss-sec/2026/q2/166
unknown
ngtcp2: qlog_parameters_set_transport_params_stack_overflow [CVE-2026-40170]
4/17/2026, No Patch

CVE-2026-40170
CVSS 7.5 (high)
ngtcp2 has a qlog transport parameter serialization stack buffer overflow
4/16/2026

CVE-2024-52811
CVSS 8.2 (high)
Acks not validated before logged to qlog leads to buffer overflow in ngtcp2
11/25/2024, No Patch