admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-393xx/CVE-2023-39322.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

155 lines
4.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-39322",
"sourceIdentifier": "security@golang.org",
"published": "2023-09-08T17:15:28.120",
"lastModified": "2024-11-21T08:15:09.307",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size."
},
{
"lang": "es",
"value": "Las conexiones QUIC no establecen un l\u00edmite superior en la cantidad de datos almacenados en el b\u00fafer al leer mensajes post-handshake, lo que permite que una conexi\u00f3n QUIC maliciosa provoque un crecimiento ilimitado de la memoria. Con la soluci\u00f3n aplicada, las conexiones ahora rechazan sistem\u00e1ticamente los mensajes de m\u00e1s de 65 KiB de tama\u00f1o."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.21.0",
"versionEndExcluding": "1.21.1",
"matchCriteriaId": "958E1BA0-2840-47E9-A790-79C10164C68C"
}
]
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/523039",
"source": "security@golang.org",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/62266",
"source": "security@golang.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"source": "security@golang.org",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2045",
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202311-09",
"source": "security@golang.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0004/",
"source": "security@golang.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://go.dev/cl/523039",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/62266",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2045",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202311-09",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0004/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink