{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "network_protocol",
  "evidence_scope": "production_path",
  "claimed_impact_class": "dos",
  "observed_impact_class": "dos",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "spec-compliant QPACK encoder stream instructions (Set Dynamic Table Capacity=64, 61x Insert x:y, Insert AAAAA:BBBBB, Set Dynamic Table Capacity=65) sent over a QUIC/HTTP3 unidirectional encoder stream by an unauthenticated remote client",
  "trigger_path": "quic-go client dials XQUIC demo_server over QUIC/UDP -> HTTP3 control stream + QPACK encoder uni stream -> xqc_decoder processes Set Dynamic Table Capacity -> xqc_decoder_set_dtable_cap -> xqc_dtable_set_capacity -> xqc_ring_mem_resize both-truncated branch (ori_sz1 = mcap - soffset_ori, should be rmem->capacity) -> 64-byte heap OOB read + size_t underflow into xqc_memcpy -> glibc _FORTIFY_SOURCE abort (exit 134)",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": true,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": false,
  "blocking_mitigation": null,
  "inferred": false
}
