CVE-2023-39321 Panic when processing post-handshake message on QUIC connections in crypto/tls

2023-09-0816:13:30

www.cve.org

cve-2023-39321

panic

post-handshake

quic

crypto/tls

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

CNA Affected

[
  {
    "vendor": "Go standard library",
    "product": "crypto/tls",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "crypto/tls",
    "versions": [
      {
        "version": "1.21.0-0",
        "lessThan": "1.21.1",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "QUICConn.HandleData"
      }
    ],
    "defaultStatus": "unaffected"
  }
]