High severity7.5NVD Advisory· Published Sep 8, 2023· Updated Jun 17, 2026
CVE-2023-39322
CVE-2023-39322
Description
QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
57- osv-coords54 versionspkg:apk/chainguard/metrics-serverpkg:apk/chainguard/metrics-server-bitnami-compatpkg:apk/chainguard/metrics-server-compatpkg:apk/chainguard/metrics-server-iamguarded-compatpkg:apk/wolfi/metrics-serverpkg:apk/wolfi/metrics-server-bitnami-compatpkg:apk/wolfi/metrics-server-compatpkg:apk/wolfi/metrics-server-iamguarded-compatpkg:bitnami/golangpkg:rpm/almalinux/aardvark-dnspkg:rpm/almalinux/buildahpkg:rpm/almalinux/buildah-testspkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/containers-commonpkg:rpm/almalinux/container-selinuxpkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/criu-develpkg:rpm/almalinux/criu-libspkg:rpm/almalinux/crunpkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/git-lfspkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/netavarkpkg:rpm/almalinux/oci-seccomp-bpf-hookpkg:rpm/almalinux/podmanpkg:rpm/almalinux/podman-catatonitpkg:rpm/almalinux/podman-dockerpkg:rpm/almalinux/podman-gvproxypkg:rpm/almalinux/podman-pluginspkg:rpm/almalinux/podman-remotepkg:rpm/almalinux/podman-testspkg:rpm/almalinux/python3-criupkg:rpm/almalinux/python3-podmanpkg:rpm/almalinux/runcpkg:rpm/almalinux/skopeopkg:rpm/almalinux/skopeo-testspkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/toolboxpkg:rpm/almalinux/toolbox-testspkg:rpm/almalinux/udicapkg:rpm/opensuse/go1.21&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.21&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/go1.21-openssl&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/go1.21-openssl&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/go1.21&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.21&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/go1.21&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/go1.21-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/go1.21-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/go&distro=SUSE%20Package%20Hub%2012
< 0.6.4-r1+ 53 more
- (no CPE)range: < 0.6.4-r1
- (no CPE)range: < 0.6.4-r1
- (no CPE)range: < 0.6.4-r1
- (no CPE)range: < 0.6.4-r1
- (no CPE)range: < 0.6.4-r1
- (no CPE)range: < 0.6.4-r1
- (no CPE)range: < 0.6.4-r1
- (no CPE)range: < 0.6.4-r1
- (no CPE)range: >= 1.21.0, < 1.21.1
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.31.3-2.el9_3
- (no CPE)range: < 1:1.31.3-2.el9_3
- (no CPE)range: < 46-1.module_el8.7.0+3344+5bcd850f
- (no CPE)range: < 2:2.1.4-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.3.0-6.el9_3
- (no CPE)range: < 2:1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:2.205.0-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 3.15-3.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 1.8.7-1.module_el8.9.0+3683+33eb0feb
- (no CPE)range: < 1.9-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 3.6.1-1.el9
- (no CPE)range: < 4.4.0-1.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 4.4.0-1.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.2.5-2.module_el8.8.0+3468+16b86c82
- (no CPE)range: < 2:4.6.1-7.el9_3
- (no CPE)range: < 2:4.0.2-25.module_el8.9.0+3711+04fcca5e.alma.1
- (no CPE)range: < 2:4.6.1-7.el9_3
- (no CPE)range: < 2:4.6.1-7.el9_3
- (no CPE)range: < 2:4.6.1-7.el9_3
- (no CPE)range: < 2:4.6.1-7.el9_3
- (no CPE)range: < 2:4.6.1-7.el9_3
- (no CPE)range: < 3.15-3.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 4.0.0-2.module_el8.9.0+3711+04fcca5e
- (no CPE)range: < 4:1.1.9-2.el9_3
- (no CPE)range: < 2:1.13.3-3.el9_3
- (no CPE)range: < 2:1.13.3-3.el9_3
- (no CPE)range: < 1.1.8-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 0.0.99.4-5.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 0.0.99.4-5.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 0.2.6-4.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.21.1-150000.1.6.1
- (no CPE)range: < 1.21.1-150000.1.6.1
- (no CPE)range: < 1.21.4.1-150000.1.5.1
- (no CPE)range: < 1.21.4.1-150000.1.5.1
- (no CPE)range: < 1.21.1-150000.1.6.1
- (no CPE)range: < 1.21.1-150000.1.6.1
- (no CPE)range: < 1.21.3-2.1
- (no CPE)range: < 1.21.4.1-150000.1.5.1
- (no CPE)range: < 1.21.4.1-150000.1.5.1
- (no CPE)range: < 1.21-41.1
- Go standard library/crypto/tlsv5Range: 1.21.0-0
Patches
Vulnerability mechanics
References
6- go.dev/cl/523039nvdPatch
- pkg.go.dev/vuln/GO-2023-2045nvdVendor Advisory
- security.netapp.com/advisory/ntap-20231020-0004/nvdThird Party Advisory
- go.dev/issue/62266nvdIssue Tracking
- groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJnvdMailing ListRelease Notes
- security.gentoo.org/glsa/202311-09nvd
News mentions
0No linked articles in our index yet.