Vulnerability Report: GO-2023-2044
standard library- CVE-2023-39321
- Affects: crypto/tls
- Published: Sep 07, 2023
- Modified: May 20, 2024
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
Affected Packages
-
PathGo VersionsSymbols
-
from go1.21.0-0 before go1.21.1
Aliases
References
- https://go.dev/issue/62266
- https://go.dev/cl/523039
- https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
- https://vuln.go.dev/ID/GO-2023-2044.json
Credits
- Marten Seemann
Feedback
See anything missing or incorrect?
Suggest an edit to this report.