Lucene search

K
osvGoogleOSV:BIT-GOLANG-2023-39321
HistoryMar 06, 2024 - 10:54 a.m.

BIT-golang-2023-39321

2024-03-0610:54:10
Google
osv.dev
13
quic
post-handshake
software
panic

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

47.1%

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

47.1%