Kaihua Wang (Tsinghua University), Jianjun Chen (Tsinghua University), Pinji Chen (Tsinghua University), Jianwei Zhuge (Tsinghua University), Jiaju Bai (Beihang University), Haixin Duan (Tsinghua University)

QUIC is a modern transport protocol increasingly adopted by major platforms and services, making its security and correctness critically important. However, the complexity of QUIC specification and implementations introduces opportunities for subtle and dangerous logic flaws. Existing QUIC testing tools primarily focus on memory-related vulnerabilities and are ill-equipped to detect logical vulnerabilities. Therefore, the discovery of logical vulnerabilities is currently still highly dependent on manual auditing.

In this paper, we introduce MerCuriuzz, a novel black-box fuzzing framework designed to automatically uncover logical vulnerabilities in QUIC implementations. We evaluated MerCuriuzz against 16 widely used QUIC implementations and discovered 14 previously unknown logical vulnerabilities affecting popular implementations such as quiche, xquic, and aioquic. Those vulnerabilities can pose severe security risks, enabling attackers to exhaust server resources, crash services, or deny legitimate users access to the server. We categorize those vulnerabilities into six categories and propose mitigation strategies. We also responsibly disclosed our findings to the affected vendors, and 11 of them were confirmed and rewarded by the vendors, such as Cloudflare and Alibaba Cloud.

View More Papers

Chimera: Harnessing Multi-Agent LLMs for Automatic Insider Threat Simulation

Jiongchi Yu (Singapore Management University), Xiaofei Xie (Singapore Management University), Qiang Hu (Tianjin University), Yuhan Ma (Tianjin University), Ziming Zhao (Zhejiang University)

Read More

DUALBREACH: Efficient Dual-Jailbreaking via Target-Driven Initialization and Multi-Target Optimization

Xinzhe Huang (Zhejiang University), Kedong Xiu (Zhejiang University), Tianhang Zheng (Zhejiang University), Churui Zeng (Zhejiang University), Wangze Ni (Zhejiang University), Zhan Qin (Zhejiang University), Kui Ren (Zhejiang University), Chun Chen (Zhejiang University)

Read More

RTrace: Towards Better Visibility of Shared Library Execution

Huaifeng Zhang (Chalmers University of Technology), Ahmed Ali-Eldin (Chalmers University of Technology)

Read More