Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
quic-go vulnerable to pointer dereference that can lead to panic
Vulnerability Description
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未捕获的异常
Vulnerability Title
quic-go 安全漏洞
Vulnerability Description
quic-go是Lucas Clemente个人开发者的一种 QUIC 协议、RFC 9000协议在 Go 中的实现。 quic-go 0.37.0至0.37.3之前版本存在安全漏洞,该漏洞源于允许攻击者在完成握手时序列化ACK帧,使远程节点触发nil取消引用,进而导致进程崩溃。
CVSS Information
N/A
Vulnerability Type
N/A