Vulnerability Report: GO-2024-2459
- CVE-2023-49295, GHSA-ppxx-5m9h-6vxf
- Affects: github.com/quic-go/quic-go
- Published: Jan 23, 2024
- Modified: May 20, 2024
Denial of service via path validation in github.com/quic-go/quic-go
For detailed information about this vulnerability, visit https://nvd.nist.gov/vuln/detail/CVE-2023-49295.
Affected Modules
-
PathGo Versions
-
before v0.37.7, from v0.38.0 before v0.38.2, from v0.39.0 before v0.39.4, from v0.40.0 before v0.40.1
Aliases
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-49295
- https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d606ac56dc
- https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965
- https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded77c189a
- https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928166cf49
- https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965e10534e
- https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d9e9e6cc
- https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee3430ae4
- https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8
- https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation/
- https://vuln.go.dev/ID/GO-2024-2459.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.