{"id":"GO-2023-2160","summary":"Panic during QUIC handshake in github.com/quic-go/quic-go","details":"The QUIC handshake can cause a panic when processing a certain sequence of frames. A malicious peer can deliberately trigger this panic.","aliases":["CVE-2023-46239","GHSA-3q6m-v84f-6p9h"],"modified":"2026-03-17T04:50:21.530002Z","published":"2023-11-02T21:44:01Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2023-2160","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617"}],"affected":[{"package":{"name":"github.com/quic-go/quic-go","ecosystem":"Go","purl":"pkg:golang/github.com/quic-go/quic-go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.37.0"},{"fixed":"0.37.3"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/quic-go/quic-go"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2160.json"}}],"schema_version":"1.7.5"}