Lucene search

Ubuntu.comUB:CVE-2023-39321

HistorySep 08, 2023 - 12:00 a.m.

CVE-2023-39321

2023-09-0800:00:00

ubuntu.com

cve-2023-39321

panic

quic connection

vulnerability

golang

rebuilding

ubuntu

ppa overlays

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.1%

JSON

Processing an incomplete post-handshake message for a QUIC connection can
cause a panic.

Notes

Author	Note
mdeslaur	Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays.

References

github.com/golang/go/commit/91a4e74b98179f63a27dbff1ad68ddd0ed64363a (go1.21.1)

go.dev/cl/523039

go.dev/issue/62266

groups.google.com/g/golang-announce/c/Fm51GRLNRvM

groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ

launchpad.net/bugs/cve/CVE-2023-39321

nvd.nist.gov/vuln/detail/CVE-2023-39321

pkg.go.dev/vuln/GO-2023-2044

security-tracker.debian.org/tracker/CVE-2023-39321

www.cve.org/CVERecord?id=CVE-2023-39321

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for UB:CVE-2023-39321