Vulnerability Report: GO-2023-2160
- CVE-2023-46239, GHSA-3q6m-v84f-6p9h
- Affects: github.com/quic-go/quic-go
- Published: Nov 02, 2023
- Modified: May 20, 2024
The QUIC handshake can cause a panic when processing a certain sequence of frames. A malicious peer can deliberately trigger this panic.
For detailed information about this vulnerability, visit https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h.
Affected Packages
-
PathGo VersionsSymbols
-
from v0.37.0 before v0.37.3all symbols
Aliases
References
- https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h
- https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617
- https://vuln.go.dev/ID/GO-2023-2160.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.