Vulnerability Database
Blog
FAQ
Docs
CVE-2023-39321
See a problem?
Please try reporting it
to the source
first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-39321
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-39321.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39321
Aliases
BIT-golang-2023-39321
GO-2023-2044
Related
ALSA-2023:7762
ALSA-2023:7763
ALSA-2023:7764
ALSA-2023:7765
ALSA-2023:7766
ALSA-2024:0121
CGA-h3q9-hr2x-w3hj
RHBA-2023:6364
RHBA-2023:6928
RHSA-2023:5008
RHSA-2023:5009
RHSA-2023:6840
RHSA-2023:7517
RHSA-2023:7762
RHSA-2023:7763
RHSA-2023:7764
RHSA-2023:7765
RHSA-2023:7766
RHSA-2024:0121
RHSA-2024:2988
RHSA-2024:3352
RHSA-2024:3467
SUSE-SU-2023:3701-1
SUSE-SU-2023:4469-1
UBUNTU-CVE-2023-39321
openSUSE-SU-2023:0360-1
openSUSE-SU-2024:13217-1
Published
2023-09-08T17:15:28Z
Modified
2024-10-12T11:02:34.975421Z
Severity
7.5 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Calculator
Summary
[none]
Details
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
References
https://pkg.go.dev/vuln/GO-2023-2044
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20231020-0004/
https://go.dev/cl/523039
https://go.dev/issue/62266
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
Affected packages
Git
/
github.com/golang/go
Affected ranges
Type
GIT
Repo
https://github.com/golang/go
Events
Introduced
c19c4c566c63818dfd059b352e52c4710eecf14d
Fixed
2c1e5b05fe39fc5e6c730dd60e82946b8e67c6ba
Affected versions
go1.*
go1.21.0
CVE-2023-39321 - OSV