<ciso brief/>
Tag Banner

All news with #optimistic ack tag

all tags →

Wed, October 29, 2025

Defending QUIC Against Acknowledgement-Based DDoS Attacks

#Cloudflare #Security Advisory #Patch #QUIC #Quiche #DDoS Surge #Optimistic ACK

🔒 Cloudflare patched two QUIC ACK-handling vulnerabilities (CVE-2025-4820, CVE-2025-4821) affecting its open-source quiche library and services using it. The flaws—missing ACK range validation and an Optimistic ACK attack—could let a malicious peer inflate server send rates, driving CPU and network amplification. Cloudflare implemented ACK range enforcement and a dynamic, CWND-aware skip frequency; quiche versions prior to 0.24.4 were affected.

read more →