Lucene search
GoogleOSV:GO-2023-2160HistoryNov 02, 2023 - 9:44 p.m.
Panic during QUIC handshake in github.com/quic-go/quic-go
2023-11-0221:44:01
Google
osv.dev
22
quic handshake
panic
github
security vulnerability
malicious-peer
software_bug
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
21.4%
The QUIC handshake can cause a panic when processing a certain sequence of frames. A malicious peer can deliberately trigger this panic.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/quic-go/quic-go | lt | 0.37.3 | |
| github.com/quic-go/quic-go | ge | 0.37.0 |
Related
prion
prion
Null pointer dereference
2023-10-31 16:15:00
ubuntucve
ubuntucve
CVE-2023-46239
2023-10-31 00:00:00
cve
cve
CVE-2023-46239
2023-10-31 16:15:09
debiancve
debiancve
CVE-2023-46239
2023-10-31 16:15:09
osv
osv
CVE-2023-46239
2023-10-31 16:15:09
quic-go vulnerable to pointer dereference that can lead to panic
2023-10-30 15:08:05
cvelist
cvelist
nvd
nvd
CVE-2023-46239
2023-10-31 16:15:09
veracode
veracode
Denial Of Service (DoS)
2023-10-31 06:01:38
github
github
quic-go vulnerable to pointer dereference that can lead to panic
2023-10-30 15:08:05
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
21.4%
Related for OSV:GO-2023-2160