Bug 2237777 (CVE-2023-39321) - CVE-2023-39321 golang: crypto/tls: panic when processing post-handshake message on QUIC connections
Summary: CVE-2023-39321 golang: crypto/tls: panic when processing post-handshake messa...
Keywords:
Status: NEW
Alias: CVE-2023-39321
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Sayan Biswas
QA Contact:
URL:
Whiteboard:
Depends On: 2238064 2238077 2238078 2238079 2238080 2238084 2238085 2238086 2238059 2238060 2238061 2238062 2238063 2238065 2238066 2238067 2238068 2238069 2238070 2238071 2238072 2238073 2238074 2238075 2238076 2238081 2238082 2238083 2238088 2238089 2238090 2238091 2238092 2238093 2238094 2238095 2238808 2238809
Blocks: 2237770
TreeView+ depends on / blocked
 
Reported: 2023-09-06 20:23 UTC by Patrick Del Bello
Modified: 2024-05-07 20:23 UTC (History)
124 users (show)

Fixed In Version: golang 1.20.8, golang 1.21.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:5009 0 None None None 2023-10-31 14:02:24 UTC
Red Hat Product Errata RHSA-2023:5947 0 None None None 2023-10-26 00:48:09 UTC
Red Hat Product Errata RHSA-2023:5974 0 None None None 2023-10-20 16:50:12 UTC
Red Hat Product Errata RHSA-2023:6031 0 None None None 2023-10-23 14:24:56 UTC
Red Hat Product Errata RHSA-2023:6085 0 None None None 2023-10-24 15:32:48 UTC
Red Hat Product Errata RHSA-2023:6115 0 None None None 2023-10-25 14:02:09 UTC
Red Hat Product Errata RHSA-2023:6119 0 None None None 2023-10-25 15:53:02 UTC
Red Hat Product Errata RHSA-2023:6122 0 None None None 2023-10-25 18:15:30 UTC
Red Hat Product Errata RHSA-2023:6145 0 None None None 2023-10-26 18:18:27 UTC
Red Hat Product Errata RHSA-2023:6148 0 None None None 2023-10-26 19:20:39 UTC
Red Hat Product Errata RHSA-2023:6154 0 None None None 2023-11-01 00:30:53 UTC
Red Hat Product Errata RHSA-2023:6161 0 None None None 2023-10-30 02:16:31 UTC
Red Hat Product Errata RHSA-2023:6200 0 None None None 2023-10-30 18:15:43 UTC
Red Hat Product Errata RHSA-2023:6202 0 None None None 2023-10-30 20:14:23 UTC
Red Hat Product Errata RHSA-2023:6840 0 None None None 2023-11-15 04:38:12 UTC
Red Hat Product Errata RHSA-2023:7517 0 None None None 2023-11-27 19:28:03 UTC
Red Hat Product Errata RHSA-2023:7762 0 None None None 2023-12-12 17:23:25 UTC
Red Hat Product Errata RHSA-2023:7763 0 None None None 2023-12-12 17:24:46 UTC
Red Hat Product Errata RHSA-2023:7764 0 None None None 2023-12-12 17:23:47 UTC
Red Hat Product Errata RHSA-2023:7765 0 None None None 2023-12-12 17:24:58 UTC
Red Hat Product Errata RHSA-2023:7766 0 None None None 2023-12-12 17:24:21 UTC
Red Hat Product Errata RHSA-2024:0121 0 None None None 2024-01-10 11:28:31 UTC
Red Hat Product Errata RHSA-2024:1901 0 None None None 2024-04-18 07:18:27 UTC

Description Patrick Del Bello 2023-09-06 20:23:19 UTC 
Processing an incomplete post-handshake message for a QUIC connection caused a panic.
Comment 8 Anten Skrabec 2023-09-13 17:20:54 UTC 
Created golang tracking bugs for this issue:

Affects: epel-all [bug 2238808]
Affects: fedora-all [bug 2238809]
Comment 12 errata-xmlrpc 2023-10-20 16:50:05 UTC 
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.4.0-RHEL-9

Via RHSA-2023:5974 https://access.redhat.com/errata/RHSA-2023:5974
Comment 13 errata-xmlrpc 2023-10-23 14:24:47 UTC 
This issue has been addressed in the following products:

  Cryostat 2 on RHEL 8

Via RHSA-2023:6031 https://access.redhat.com/errata/RHSA-2023:6031
Comment 14 errata-xmlrpc 2023-10-24 15:32:42 UTC 
This issue has been addressed in the following products:

  Red Hat Openshift distributed tracing 2.9

Via RHSA-2023:6085 https://access.redhat.com/errata/RHSA-2023:6085
Comment 15 errata-xmlrpc 2023-10-25 14:02:02 UTC 
This issue has been addressed in the following products:

  OADP-1.1-RHEL-8

Via RHSA-2023:6115 https://access.redhat.com/errata/RHSA-2023:6115
Comment 16 errata-xmlrpc 2023-10-25 15:52:55 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.3 for RHEL 8

Via RHSA-2023:6119 https://access.redhat.com/errata/RHSA-2023:6119
Comment 17 errata-xmlrpc 2023-10-25 18:15:24 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.8 for RHEL 8

Via RHSA-2023:6122 https://access.redhat.com/errata/RHSA-2023:6122
Comment 18 errata-xmlrpc 2023-10-26 00:48:02 UTC 
This issue has been addressed in the following products:

  RODOO-1.0-RHEL-8

Via RHSA-2023:5947 https://access.redhat.com/errata/RHSA-2023:5947
Comment 19 errata-xmlrpc 2023-10-26 18:18:18 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.2 for RHEL 8

Via RHSA-2023:6145 https://access.redhat.com/errata/RHSA-2023:6145
Comment 20 errata-xmlrpc 2023-10-26 19:20:32 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8

Via RHSA-2023:6148 https://access.redhat.com/errata/RHSA-2023:6148
Comment 21 errata-xmlrpc 2023-10-30 02:16:24 UTC 
This issue has been addressed in the following products:

  Red Hat Migration Toolkit for Containers 1.7

Via RHSA-2023:6161 https://access.redhat.com/errata/RHSA-2023:6161
Comment 22 errata-xmlrpc 2023-10-30 18:15:34 UTC 
This issue has been addressed in the following products:

  multicluster engine for Kubernetes 2.1 for RHEL 8

Via RHSA-2023:6200 https://access.redhat.com/errata/RHSA-2023:6200
Comment 23 errata-xmlrpc 2023-10-30 20:14:16 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8

Via RHSA-2023:6202 https://access.redhat.com/errata/RHSA-2023:6202
Comment 24 errata-xmlrpc 2023-10-31 14:02:16 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:5009 https://access.redhat.com/errata/RHSA-2023:5009
Comment 25 errata-xmlrpc 2023-11-01 00:30:44 UTC 
This issue has been addressed in the following products:

  OSSO-1.2-RHEL-8

Via RHSA-2023:6154 https://access.redhat.com/errata/RHSA-2023:6154
Comment 26 errata-xmlrpc 2023-11-15 04:38:04 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2023:6840 https://access.redhat.com/errata/RHSA-2023:6840
Comment 27 errata-xmlrpc 2023-11-27 19:27:54 UTC 
This issue has been addressed in the following products:

  Red Hat Ansible Automation Platform 2.4 for RHEL 8
  Red Hat Ansible Automation Platform 2.4 for RHEL 9

Via RHSA-2023:7517 https://access.redhat.com/errata/RHSA-2023:7517
Comment 28 errata-xmlrpc 2023-12-12 17:23:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7762 https://access.redhat.com/errata/RHSA-2023:7762
Comment 29 errata-xmlrpc 2023-12-12 17:23:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7764 https://access.redhat.com/errata/RHSA-2023:7764
Comment 30 errata-xmlrpc 2023-12-12 17:24:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7766 https://access.redhat.com/errata/RHSA-2023:7766
Comment 31 errata-xmlrpc 2023-12-12 17:24:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7763 https://access.redhat.com/errata/RHSA-2023:7763
Comment 32 errata-xmlrpc 2023-12-12 17:24:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7765 https://access.redhat.com/errata/RHSA-2023:7765
Comment 33 errata-xmlrpc 2024-01-10 11:28:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0121 https://access.redhat.com/errata/RHSA-2024:0121
Comment 34 errata-xmlrpc 2024-04-18 07:18:20 UTC 
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 9

Via RHSA-2024:1901 https://access.redhat.com/errata/RHSA-2024:1901
Note You need to log in before you can comment on or make changes to this bug.