{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T13:57:19.529","vulnerabilities":[{"cve":{"id":"CVE-2023-39322","sourceIdentifier":"security@golang.org","published":"2023-09-08T17:15:28.120","lastModified":"2024-11-21T08:15:09.307","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size."},{"lang":"es","value":"Las conexiones QUIC no establecen un límite superior en la cantidad de datos almacenados en el búfer al leer mensajes post-handshake, lo que permite que una conexión QUIC maliciosa provoque un crecimiento ilimitado de la memoria. Con la solución aplicada, las conexiones ahora rechazan sistemáticamente los mensajes de más de 65 KiB de tamaño."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.21.0","versionEndExcluding":"1.21.1","matchCriteriaId":"958E1BA0-2840-47E9-A790-79C10164C68C"}]}]}],"references":[{"url":"https://go.dev/cl/523039","source":"security@golang.org","tags":["Patch"]},{"url":"https://go.dev/issue/62266","source":"security@golang.org","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ","source":"security@golang.org","tags":["Mailing List","Release Notes"]},{"url":"https://pkg.go.dev/vuln/GO-2023-2045","source":"security@golang.org","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202311-09","source":"security@golang.org"},{"url":"https://security.netapp.com/advisory/ntap-20231020-0004/","source":"security@golang.org","tags":["Third Party Advisory"]},{"url":"https://go.dev/cl/523039","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://go.dev/issue/62266","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes"]},{"url":"https://pkg.go.dev/vuln/GO-2023-2045","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/202311-09","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20231020-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}