CVE-2023-39321

Name
CVE-2023-39321
Description
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
MISC https://go.dev/cl/523039
MISC https://pkg.go.dev/vuln/GO-2023-2044
MISC https://go.dev/issue/62266
Third Party Advisory https://security.netapp.com/advisory/ntap-20231020-0004/
https://security.gentoo.org/glsa/202311-09

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= 1.21.0 < 1.21.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status