CVE-2023-39321

Aliases:GO-2023-2044BIT-golang-2023-39321

Advisory lineage Upstream: 0 Downstream: 21

Downstream

OPENSUSE-SU-2023:0360-1 OPENSUSE-SU-2024:13217-1 RHBA-2023:6364 RHBA-2023:6928 RHSA-2023:5008 RHSA-2023:5009

Modified

Published: 08 Sept 2023, 16:13

Last modified:13 Feb 2025, 17:02

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.06% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

08 Sept 2023, 16:13

Published

Vulnerability first disclosed

13 Feb 2025, 17:02

Last Modified

Vulnerability information updated

Description

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.06%• Percentile: 18%

Techniques & Countermeasures

CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

go standard library•crypto/tls
≥ 1.21.0-0, < 1.21.1
golang•go
≥ 1.21.0, < 1.21.1
Go•stdlib
≥ 1.21.0-0, < 1.21.1