Description
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
References (6)
Core 6
Core References
Patch
https://go.dev/cl/523039
Issue Tracking
https://go.dev/issue/62266
Vendor Advisory
https://pkg.go.dev/vuln/GO-2023-2044
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231020-0004/
Third Party Advisory
https://security.gentoo.org/glsa/202311-09
Scores
CVSS v3
7.5
EPSS
0.0006
EPSS Percentile
17.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (1)
golang/go
1.21.0 - 1.21.1
Published
Sep 08, 2023
Tracked Since
Feb 18, 2026