Processing an incomplete post-handshake message for a QUIC connection can
cause a panic.
Author | Note |
---|---|
mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. |
github.com/golang/go/commit/91a4e74b98179f63a27dbff1ad68ddd0ed64363a (go1.21.1)
go.dev/cl/523039
go.dev/issue/62266
groups.google.com/g/golang-announce/c/Fm51GRLNRvM
groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
launchpad.net/bugs/cve/CVE-2023-39321
nvd.nist.gov/vuln/detail/CVE-2023-39321
pkg.go.dev/vuln/GO-2023-2044
security-tracker.debian.org/tracker/CVE-2023-39321
www.cve.org/CVERecord?id=CVE-2023-39321