7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.1%
Processing an incomplete post-handshake message for a QUIC connection can
cause a panic.
Author | Note |
---|---|
mdeslaur | Packages built using golang need to be rebuilt once the vulnerability has been fixed. This CVE entry does not list packages that need rebuilding outside of the main repository or the Ubuntu variants with PPA overlays. |
github.com/golang/go/commit/91a4e74b98179f63a27dbff1ad68ddd0ed64363a (go1.21.1)
go.dev/cl/523039
go.dev/issue/62266
groups.google.com/g/golang-announce/c/Fm51GRLNRvM
groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
launchpad.net/bugs/cve/CVE-2023-39321
nvd.nist.gov/vuln/detail/CVE-2023-39321
pkg.go.dev/vuln/GO-2023-2044
security-tracker.debian.org/tracker/CVE-2023-39321
www.cve.org/CVERecord?id=CVE-2023-39321