Kudos to Marten Seeman for discovering the first DOS vulnerability in QUIC: attackers could send series of PATH CHALLENGE to force the server to queue large numbers of PATH RESPONSE frames, leading to memory exhaustion if the return path does not have enough congestion control credits. It turns out that many implementations (including picoquic) had foreseen the issue and limit the number of pending challenge, but that's in theory in violation of the standard.
Add comment