QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | go | <Â 1.21.1-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | go | <Â 1.20.8-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | go | <Â 1.21.1-r0 | UNKNOWN |