Ngtcp2 · Ngtcp2 · CVE-2026-40170
**Name of the Vulnerable Software and Affected Versions**
ngtcp2 versions prior to 1.22.1
**Description**
The `ngtcp2_qlog_parameters_set_transport_params()` function serializes peer transport parameters into a fixed 1024-byte stack buffer without performing bounds checking. When qlog is enabled, a remote peer can send excessively large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, leading to a stack buffer overflow. This issue impacts deployments that enable the qlog callback and process untrusted peer transport parameters.
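A bounds-checked serializer of the kind the description says the affected versions lack, added here as an example (hypothetical code, not ngtcp2's own; the `tp_t` struct, the field set and the function names are assumptions): every append is checked against the caller's remaining capacity, so peer-controlled output that would not fit in a fixed stack buffer is refused instead of written past the end.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical stand-in for peer transport params (the real ngtcp2_transport_params has many more fields). */
typedef struct {
  uint64_t max_idle_timeout;
  uint64_t initial_max_data;
  const uint8_t *preferred_address; /* peer-controlled blob, or NULL */
  size_t preferred_address_len;
} tp_t;

/* Append s at buf[*pos]; return -1 (buf stays NUL-terminated) rather than write past cap. */
static int put(char *buf, size_t cap, size_t *pos, const char *s) {
  size_t n = strlen(s);
  if (n >= cap - *pos) return -1;        /* needs n + 1 bytes */
  memcpy(buf + *pos, s, n + 1);
  *pos += n;
  return 0;
}
/* Hex-encode a peer-supplied blob with the same fit check (needs 2*len + 1 bytes). */
static int put_hex(char *buf, size_t cap, size_t *pos, const uint8_t *p, size_t len) {
  static const char hexd[] = "0123456789abcdef";
  if (len > (cap - *pos - 1) / 2) return -1;
  for (size_t i = 0; i < len; i++, *pos += 2) {
    buf[*pos] = hexd[p[i] >> 4];
    buf[*pos + 1] = hexd[p[i] & 0xf];
  }
  buf[*pos] = '\0';
  return 0;
}

/* Serialize into a caller-sized buffer (for example a 1024-byte stack array).
   Returns bytes written, or -1 when the output would exceed cap. */
int qlog_serialize_transport_params(char *buf, size_t cap, const tp_t *tp) {
  char num[96];
  size_t pos = 0;
  if (cap == 0) return -1;
  buf[0] = '\0';
  snprintf(num, sizeof num, "{\"max_idle_timeout\":%llu,\"initial_max_data\":%llu",
           (unsigned long long)tp->max_idle_timeout, (unsigned long long)tp->initial_max_data);
  if (put(buf, cap, &pos, num)) return -1;
  if (tp->preferred_address) {
    if (put(buf, cap, &pos, ",\"preferred_address\":\"") ||
        put_hex(buf, cap, &pos, tp->preferred_address, tp->preferred_address_len) ||
        put(buf, cap, &pos, "\"")) return -1;
  }
  if (put(buf, cap, &pos, "}")) return -1;
  return (int)pos;
}
```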
**Recommendations**
Update to version 1.22.1.
As a temporary workaround, disable qlog on the client.