Lucene search
PRIOn knowledge basePRION:CVE-2023-46239HistoryOct 31, 2023 - 4:15 p.m.
Null pointer dereference
2023-10-3116:15:00
PRIOn knowledge base
www.prio-n.com
5
quic-go
vulnerability
serialization
handshake
node
panic
patch
packet
0.001 Low
EPSS
Percentile
21.4%
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected.
Related
ubuntucve
ubuntucve
CVE-2023-46239
2023-10-31 00:00:00
cve
cve
CVE-2023-46239
2023-10-31 16:15:09
debiancve
debiancve
CVE-2023-46239
2023-10-31 16:15:09
osv
osv
Panic during QUIC handshake in github.com/quic-go/quic-go
2023-11-02 21:44:01
CVE-2023-46239
2023-10-31 16:15:09
quic-go vulnerable to pointer dereference that can lead to panic
2023-10-30 15:08:05
cvelist
cvelist
nvd
nvd
CVE-2023-46239
2023-10-31 16:15:09
veracode
veracode
Denial Of Service (DoS)
2023-10-31 06:01:38
github
github
quic-go vulnerable to pointer dereference that can lead to panic
2023-10-30 15:08:05