Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-39322

UNKNOWN
Published 2023-09-08T16:13:32.795Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-39322. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Go standard library

crypto/tls

Affected Versions:

1.21.0-0
go_standard_library

crypto_tls

Affected Versions:

1.21.0-0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-892h-r6cr-53g4

Advisory Details

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-39322
WEB https://go.dev/cl/523039
WEB https://go.dev/issue/62266
WEB https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
WEB https://pkg.go.dev/vuln/GO-2023-2045
WEB https://security.gentoo.org/glsa/202311-09
WEB https://security.netapp.com/advisory/ntap-20231020-0004

Advisory provided by GitHub Security Advisory Database. Published: September 8, 2023, Modified: November 4, 2023

References

https://go.dev/issue/62266
https://go.dev/cl/523039
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ
https://pkg.go.dev/vuln/GO-2023-2045
https://security.netapp.com/advisory/ntap-20231020-0004/
https://security.gentoo.org/glsa/202311-09
Published: 2023-09-08T16:13:32.795Z
Last Modified: 2025-02-13T17:02:49.143Z
Copied to clipboard!