CVE-2023-39321

Name
CVE-2023-39321
Description
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
MISC https://go.dev/cl/523039
MISC https://pkg.go.dev/vuln/GO-2023-2044
MISC https://go.dev/issue/62266
Third Party Advisory https://security.netapp.com/advisory/ntap-20231020-0004/
https://security.gentoo.org/glsa/202311-09

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* go >= 1.21.0 < 1.21.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
go edge-community 1.21.1-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
go 3.22-community 1.21.1-r0 None fixed
go 3.21-community 1.21.1-r0 None fixed
go 3.20-community 1.21.1-r0 None fixed
go 3.19-community 1.21.1-r0 None fixed
go 3.18-community 1.20.8-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed