CVE-2024-53259 quic-go affected by an ICMP Packet Too Large Injection Attack on Linux

🗓️ 02 Dec 2024 16:12:40Reported by GoogleType

osv

osv🔗 osv.dev👁 15 Views

Vulnerability in quic-go allows off-path attacker to disrupt QUIC connections after handshake.

Reporter	Title	Published	Views	Family All 83
Tenable Nessus	Azure Linux 3.0 Security Update: coredns (CVE-2024-53259)	17 Apr 202500:00	–	nessus
Tenable Nessus	CBL Mariner 2.0 Security Update: coredns (CVE-2024-53259)	17 Apr 202500:00	–	nessus
Tenable Nessus	RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Moderate) (RHSA-2024:10766)	4 Dec 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-53259	27 Aug 202500:00	–	nessus
CBLMariner	CVE-2024-53259 affecting package coredns for versions less than 1.11.1-15	31 Mar 202521:13	–	cbl_mariner
CBLMariner	CVE-2024-53259 affecting package coredns for versions less than 1.11.4-1	16 Apr 202515:08	–	cbl_mariner
Chainguard	CVE-2024-53259 vulnerabilities	2 Dec 202417:15	–	cgr
Circl	CVE-2024-53259	2 Dec 202419:35	–	circl
CNNVD	quic-go 数据伪造问题漏洞	2 Dec 202400:00	–	cnnvd
CVE	CVE-2024-53259	2 Dec 202416:12	–	cve

Source	Link
github	www.github.com/quic-go/quic-go/releases/tag/v0.48.2
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53259.json
github	www.github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-53259
github	www.github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50
github	www.github.com/quic-go/quic-go/pull/4729

10 Apr 2026 05:18Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.5

EPSS0.00755

cve 2024 53259 quic-go vulnerability quic protocol off-path attacker icmp packet too large mtu issues fixed in 0.48.2.