[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-53259":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":341,"aliases":342,"duplicate_of":9,"upstream":345,"downstream":346,"duplicates":357,"related":358,"reserved_at":9,"published_at":391,"modified_at":392,"state":393,"summary":394,"references_raw":403,"kevs":441,"epss":442,"epss_history":445,"metrics":707,"affected":719},"CVE-2024-53259","quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a \"message too large\" error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-345","Insufficient Verification of Data Authenticity","The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.","weakness","Draft","Class",[19,23,76,88,109,113,117,121,125,129,133,337],{"id":20,"name":21,"techniques":22},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":24,"name":25,"techniques":26},"CAPEC-141","Cache Poisoning",[27],{"id":28,"name":29,"tactics":30,"countermeasures":37},"T1557.002","ARP Cache Poisoning",[31,34],{"id":32,"name":33},"TA0031","Credential Access",{"id":35,"name":36},"TA0100","Collection",[38,43,47,51,55,59,63,67,71],{"id":39,"name":40,"tactic":41},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":42},"Detect",{"id":44,"name":45,"tactic":46},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":42},{"id":48,"name":49,"tactic":50},"D3-CSPP","Client-server Payload Profiling",{"name":42},{"id":52,"name":53,"tactic":54},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":42},{"id":56,"name":57,"tactic":58},"D3-NTSA","Network Traffic Signature Analysis",{"name":42},{"id":60,"name":61,"tactic":62},"D3-APCA","Application Protocol Command Analysis",{"name":42},{"id":64,"name":65,"tactic":66},"D3-NTCD","Network Traffic Community Deviation",{"name":42},{"id":68,"name":69,"tactic":70},"D3-RTSD","Remote Terminal Session Detection",{"name":42},{"id":72,"name":73,"tactic":74},"D3-NTF","Network Traffic Filtering",{"name":75},"Isolate",{"id":77,"name":78,"techniques":79},"CAPEC-142","DNS Cache Poisoning",[80],{"id":81,"name":82,"tactics":83,"countermeasures":87},"T1584.002","DNS Server",[84],{"id":85,"name":86},"TA0042","Resource Development",[],{"id":89,"name":90,"techniques":91},"CAPEC-148","Content Spoofing",[92],{"id":93,"name":94,"tactics":95,"countermeasures":99},"T1491","Defacement",[96],{"id":97,"name":98},"TA0105","Impact",[100,105],{"id":101,"name":102,"tactic":103},"D3-DNR","Decoy Network Resource",{"name":104},"Deceive",{"id":106,"name":107,"tactic":108},"D3-NRAM","Network Resource Access Mediation",{"name":75},{"id":110,"name":111,"techniques":112},"CAPEC-218","Spoofing of UDDI/ebXML Messages",[],{"id":114,"name":115,"techniques":116},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":118,"name":119,"techniques":120},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":122,"name":123,"techniques":124},"CAPEC-386","Application API Navigation Remapping",[],{"id":126,"name":127,"techniques":128},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":130,"name":131,"techniques":132},"CAPEC-388","Application API Button Hijacking",[],{"id":134,"name":135,"techniques":136},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[137,173,213],{"id":138,"name":139,"tactics":140,"countermeasures":147},"T1211","Exploitation for Stealth",[141,144],{"id":142,"name":143},"TA0030","Defense Evasion",{"id":145,"name":146},"TA0005","Stealth",[148,152,156,160,165,169],{"id":149,"name":150,"tactic":151},"D3-MBT","Memory Boundary Tracking",{"name":42},{"id":153,"name":154,"tactic":155},"D3-PCSV","Process Code Segment Verification",{"name":42},{"id":157,"name":158,"tactic":159},"D3-SSC","Shadow Stack Comparisons",{"name":42},{"id":161,"name":162,"tactic":163},"D3-PSEP","Process Segment Execution Prevention",{"name":164},"Harden",{"id":166,"name":167,"tactic":168},"D3-SAOR","Segment Address Offset Randomization",{"name":164},{"id":170,"name":171,"tactic":172},"D3-SFCV","Stack Frame Canary Validation",{"name":164},{"id":174,"name":175,"tactics":176,"countermeasures":182},"T1542.002","Component Firmware",[177,178,179],{"id":142,"name":143},{"id":145,"name":146},{"id":180,"name":181},"TA0110","Persistence",[183,188,192,196,200,204,208],{"id":184,"name":185,"tactic":186},"D3-SWI","Software Inventory",{"name":187},"Model",{"id":189,"name":190,"tactic":191},"D3-AVE","Asset Vulnerability Enumeration",{"name":187},{"id":193,"name":194,"tactic":195},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":42},{"id":197,"name":198,"tactic":199},"D3-FV","Firmware Verification",{"name":42},{"id":201,"name":202,"tactic":203},"D3-FBA","Firmware Behavior Analysis",{"name":42},{"id":205,"name":206,"tactic":207},"D3-SU","Software Update",{"name":164},{"id":209,"name":210,"tactic":211},"D3-RS","Restore Software",{"name":212},"Restore",{"id":214,"name":215,"tactics":216,"countermeasures":223},"T1556","Modify Authentication Process",[217,218,221,222],{"id":142,"name":143},{"id":219,"name":220},"TA0112","Defense Impairment",{"id":180,"name":181},{"id":32,"name":33},[224,228,232,236,240,244,248,252,256,260,265,269,273,277,281,285,289,293,297,301,305,309,313,317,321,325,329,333],{"id":225,"name":226,"tactic":227},"D3-CI","Configuration Inventory",{"name":187},{"id":229,"name":230,"tactic":231},"D3-NTPM","Network Traffic Policy Mapping",{"name":187},{"id":233,"name":234,"tactic":235},"D3-AM","Access Modeling",{"name":187},{"id":237,"name":238,"tactic":239},"D3-FA","File Analysis",{"name":42},{"id":241,"name":242,"tactic":243},"D3-FIM","File Integrity Monitoring",{"name":42},{"id":245,"name":246,"tactic":247},"D3-PLA","Process Lineage Analysis",{"name":42},{"id":249,"name":250,"tactic":251},"D3-PSMD","Process Self-Modification Detection",{"name":42},{"id":253,"name":254,"tactic":255},"D3-PSA","Process Spawn Analysis",{"name":42},{"id":257,"name":258,"tactic":259},"D3-SFA","System File Analysis",{"name":42},{"id":261,"name":262,"tactic":263},"D3-FEV","File Eviction",{"name":264},"Evict",{"id":266,"name":267,"tactic":268},"D3-PT","Process Termination",{"name":264},{"id":270,"name":271,"tactic":272},"D3-PS","Process Suspension",{"name":264},{"id":274,"name":275,"tactic":276},"D3-HR","Host Reboot",{"name":264},{"id":278,"name":279,"tactic":280},"D3-HS","Host Shutdown",{"name":264},{"id":282,"name":283,"tactic":284},"D3-DF","Decoy File",{"name":104},{"id":286,"name":287,"tactic":288},"D3-FE","File Encryption",{"name":164},{"id":290,"name":291,"tactic":292},"D3-RF","Restore File",{"name":212},{"id":294,"name":295,"tactic":296},"D3-RC","Restore Configuration",{"name":212},{"id":298,"name":299,"tactic":300},"D3-CF","Content Filtering",{"name":75},{"id":302,"name":303,"tactic":304},"D3-LFP","Local File Permissions",{"name":75},{"id":306,"name":307,"tactic":308},"D3-RFAM","Remote File Access Mediation",{"name":75},{"id":310,"name":311,"tactic":312},"D3-CQ","Content Quarantine",{"name":75},{"id":314,"name":315,"tactic":316},"D3-CM","Content Modification",{"name":75},{"id":318,"name":319,"tactic":320},"D3-KBPI","Kernel-based Process Isolation",{"name":75},{"id":322,"name":323,"tactic":324},"D3-SCF","System Call Filtering",{"name":75},{"id":326,"name":327,"tactic":328},"D3-HBPI","Hardware-based Process Isolation",{"name":75},{"id":330,"name":331,"tactic":332},"D3-ABPI","Application-based Process Isolation",{"name":75},{"id":334,"name":335,"tactic":336},"D3-WSAM","Web Session Access Mediation",{"name":75},{"id":338,"name":339,"techniques":340},"CAPEC-701","Browser in the Middle (BiTM)",[],[],[343,344],"GHSA-px8v-pp82-rcvr","GO-2024-3302",[],[347,349,351,353,355],{"_key":348},"OPENSUSE-SU-2024:14544-1",{"_key":350},"OPENSUSE-SU-2024:14567-1",{"_key":352},"DEBIAN-CVE-2024-53259",{"_key":354},"UBUNTU-CVE-2024-53259",{"_key":356},"RHSA-2024:10766",[],[359,360,361,363,365,367,369,371,373,375,377,379,381,383,385,387,389],{"_key":348},{"_key":350},{"_key":362},"CGA-23H8-98RW-3469",{"_key":364},"CGA-4QV7-4HRR-MFQG",{"_key":366},"CGA-5RHW-4RJW-XJFC",{"_key":368},"CGA-63W8-P6MH-835W",{"_key":370},"CGA-78FP-P73M-78FG",{"_key":372},"CGA-9W2R-526H-Q76R",{"_key":374},"CGA-H282-83RG-46J7",{"_key":376},"CGA-H3FM-X8PF-2852",{"_key":378},"CGA-HJ53-X594-6R7H",{"_key":380},"CGA-HRGP-CV4X-C3CR",{"_key":382},"CGA-J59W-876H-7QCQ",{"_key":384},"CGA-J8WR-H729-HP3X",{"_key":386},"CGA-R7XX-5VCQ-QVW2",{"_key":388},"CGA-W453-643P-2J4J",{"_key":390},"CGA-X3GX-7WVX-M9CW","2024-12-02T16:12:40.605Z","2024-12-02T19:28:08.531Z","Deferred",{"cisa_kev":395,"cisa_ransomware":395,"cisa_vendor":9,"epss_severity":396,"epss_score":397,"severity":398,"severity_score":399,"severity_version":400,"severity_source":401,"severity_vector":402,"severity_status":393},false,"low",0.00755,"medium",6.5,"v3.1","cve.org","CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[404,413,419,423,427,431,436],{"url":405,"sources":406,"tags":409},"https://github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr",[401,407,408],"nvd","osv_go",[410,411,412],"X Refsource CONFIRM","WEB","Advisory",{"url":414,"sources":415,"tags":416},"https://github.com/quic-go/quic-go/pull/4729",[401,407,408],[417,411,418],"X Refsource MISC","FIX",{"url":420,"sources":421,"tags":422},"https://github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50",[401,407,408],[417,411,418],{"url":424,"sources":425,"tags":426},"https://github.com/quic-go/quic-go/releases/tag/v0.48.2",[401,407,408],[417,411],{"url":428,"sources":429,"tags":430},"https://nvd.nist.gov/vuln/detail/CVE-2024-53259",[408],[412],{"url":432,"sources":433,"tags":434},"https://github.com/quic-go/quic-go",[408],[435],"PACKAGE",{"url":437,"sources":438,"tags":439},"https://datatracker.ietf.org/doc/draft-seemann-tsvwg-udp-fragmentation/",[408],[440],"REPORT",[],{"date":443,"score":397,"percentile":444},"2026-06-04",0.73614,[446,450,453,456,459,462,465,468,470,473,476,479,481,484,486,490,493,496,499,502,505,508,511,513,516,519,522,525,528,531,534,537,540,543,546,549,552,555,558,561,564,567,570,573,576,579,582,585,588,590,592,595,598,601,604,606,609,612,614,617,620,623,626,629,632,635,637,640,643,646,649,652,655,658,661,664,667,669,672,675,678,681,684,687,690,692,695,698,701,704],{"date":447,"score":448,"percentile":449},"2025-11-04",0.00279,0.50958,{"date":451,"score":448,"percentile":452},"2025-11-05",0.50939,{"date":454,"score":448,"percentile":455},"2025-11-06",0.50956,{"date":457,"score":448,"percentile":458},"2025-11-07",0.50979,{"date":460,"score":448,"percentile":461},"2025-11-08",0.50983,{"date":463,"score":448,"percentile":464},"2025-11-09",0.50971,{"date":466,"score":448,"percentile":467},"2025-11-10",0.50941,{"date":469,"score":448,"percentile":449},"2025-11-11",{"date":471,"score":448,"percentile":472},"2025-11-12",0.50982,{"date":474,"score":448,"percentile":475},"2025-11-13",0.50984,{"date":477,"score":448,"percentile":478},"2025-11-14",0.5099,{"date":480,"score":448,"percentile":461},"2025-11-15",{"date":482,"score":448,"percentile":483},"2025-11-16",0.50962,{"date":485,"score":448,"percentile":467},"2025-11-17",{"date":487,"score":488,"percentile":489},"2025-11-18",0.01252,0.77567,{"date":491,"score":488,"percentile":492},"2025-11-19",0.77574,{"date":494,"score":488,"percentile":495},"2025-11-20",0.77584,{"date":497,"score":448,"percentile":498},"2025-11-21",0.50954,{"date":500,"score":448,"percentile":501},"2025-11-22",0.50949,{"date":503,"score":448,"percentile":504},"2025-11-23",0.5091,{"date":506,"score":448,"percentile":507},"2025-11-24",0.50903,{"date":509,"score":448,"percentile":510},"2025-11-25",0.50911,{"date":512,"score":448,"percentile":510},"2025-11-26",{"date":514,"score":448,"percentile":515},"2025-11-27",0.50917,{"date":517,"score":448,"percentile":518},"2025-11-28",0.50883,{"date":520,"score":448,"percentile":521},"2025-11-29",0.50863,{"date":523,"score":448,"percentile":524},"2025-11-30",0.50852,{"date":526,"score":448,"percentile":527},"2025-12-01",0.51004,{"date":529,"score":448,"percentile":530},"2025-12-02",0.51026,{"date":532,"score":448,"percentile":533},"2025-12-03",0.51022,{"date":535,"score":448,"percentile":536},"2025-12-04",0.50867,{"date":538,"score":448,"percentile":539},"2025-12-05",0.50891,{"date":541,"score":448,"percentile":542},"2025-12-06",0.50889,{"date":544,"score":448,"percentile":545},"2025-12-07",0.50881,{"date":547,"score":448,"percentile":548},"2025-12-08",0.50884,{"date":550,"score":448,"percentile":551},"2025-12-09",0.50906,{"date":553,"score":448,"percentile":554},"2025-12-10",0.5097,{"date":556,"score":448,"percentile":557},"2025-12-11",0.50988,{"date":559,"score":448,"percentile":560},"2025-12-12",0.5102,{"date":562,"score":448,"percentile":563},"2025-12-13",0.51006,{"date":565,"score":448,"percentile":566},"2025-12-14",0.50992,{"date":568,"score":448,"percentile":569},"2025-12-15",0.50975,{"date":571,"score":448,"percentile":572},"2025-12-16",0.50987,{"date":574,"score":448,"percentile":575},"2025-12-17",0.51009,{"date":577,"score":448,"percentile":578},"2025-12-18",0.51048,{"date":580,"score":448,"percentile":581},"2025-12-19",0.51051,{"date":583,"score":448,"percentile":584},"2025-12-20",0.51016,{"date":586,"score":448,"percentile":587},"2025-12-21",0.50991,{"date":589,"score":448,"percentile":554},"2025-12-22",{"date":591,"score":448,"percentile":554},"2025-12-23",{"date":593,"score":448,"percentile":594},"2025-12-24",0.5098,{"date":596,"score":448,"percentile":597},"2025-12-25",0.51027,{"date":599,"score":448,"percentile":600},"2025-12-26",0.51018,{"date":602,"score":448,"percentile":603},"2025-12-27",0.51039,{"date":605,"score":448,"percentile":449},"2025-12-28",{"date":607,"score":448,"percentile":608},"2025-12-29",0.50947,{"date":610,"score":448,"percentile":611},"2025-12-30",0.50942,{"date":613,"score":448,"percentile":458},"2025-12-31",{"date":615,"score":448,"percentile":616},"2026-01-01",0.51147,{"date":618,"score":448,"percentile":619},"2026-01-02",0.51126,{"date":621,"score":448,"percentile":622},"2026-01-03",0.5112,{"date":624,"score":448,"percentile":625},"2026-01-04",0.50944,{"date":627,"score":448,"percentile":628},"2026-01-05",0.50925,{"date":630,"score":448,"percentile":631},"2026-01-06",0.50934,{"date":633,"score":448,"percentile":634},"2026-01-07",0.50953,{"date":636,"score":448,"percentile":569},"2026-01-08",{"date":638,"score":448,"percentile":639},"2026-01-09",0.5096,{"date":641,"score":397,"percentile":642},"2026-01-10",0.72724,{"date":644,"score":397,"percentile":645},"2026-01-11",0.72716,{"date":647,"score":397,"percentile":648},"2026-01-12",0.72706,{"date":650,"score":397,"percentile":651},"2026-01-13",0.72703,{"date":653,"score":397,"percentile":654},"2026-01-14",0.7273,{"date":656,"score":397,"percentile":657},"2026-01-15",0.72737,{"date":659,"score":397,"percentile":660},"2026-01-16",0.72752,{"date":662,"score":397,"percentile":663},"2026-01-17",0.72747,{"date":665,"score":397,"percentile":666},"2026-01-18",0.72725,{"date":668,"score":397,"percentile":645},"2026-01-19",{"date":670,"score":397,"percentile":671},"2026-01-20",0.72723,{"date":673,"score":397,"percentile":674},"2026-01-21",0.72728,{"date":676,"score":397,"percentile":677},"2026-01-22",0.72736,{"date":679,"score":397,"percentile":680},"2026-01-23",0.72765,{"date":682,"score":397,"percentile":683},"2026-01-24",0.72772,{"date":685,"score":397,"percentile":686},"2026-01-25",0.72757,{"date":688,"score":397,"percentile":689},"2026-01-26",0.72754,{"date":691,"score":397,"percentile":686},"2026-01-27",{"date":693,"score":397,"percentile":694},"2026-01-28",0.72771,{"date":696,"score":397,"percentile":697},"2026-01-29",0.72775,{"date":699,"score":397,"percentile":700},"2026-01-30",0.72781,{"date":702,"score":397,"percentile":703},"2026-01-31",0.72785,{"date":705,"score":397,"percentile":706},"2026-02-01",0.7291,[708,713,715],{"source":401,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":709,"cvss_v4_0":9},{"baseScore":399,"baseSeverity":710,"vectorString":402,"impactScore":711,"exploitabilityScore":712},"MEDIUM",6,7.2,{"source":407,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":714,"cvss_v4_0":9},{"baseScore":399,"baseSeverity":710,"vectorString":402,"impactScore":711,"exploitabilityScore":712},{"source":408,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":716,"cvss_v4_0":717},{"baseScore":399,"baseSeverity":9,"vectorString":402,"impactScore":711,"exploitabilityScore":712},{"baseScore":711,"baseSeverity":9,"vectorString":718,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",[720,733],{"ecosystem":721,"name":722,"vendor":723,"product":724,"cpe_part":9,"purl_type":725,"purl_namespace":723,"purl_name":724,"source":9,"versions":726},"Go","github.com/quic-go/quic-go","github.com/quic-go","quic-go","golang",[727],{"version":728,"is_range":729,"range_type":730,"version_start":9,"version_start_type":9,"version_end":731,"version_end_type":732,"fixed_in":9},"lt0_48_2",true,"semver","0.48.2","excluding",{"ecosystem":9,"name":724,"vendor":724,"product":724,"cpe_part":734,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":735},"a",[736],{"version":737,"is_range":729,"range_type":401,"version_start":9,"version_start_type":9,"version_end":731,"version_end_type":732,"fixed_in":9},"\u003C 0.48.2"]