| { |
| "schema_version": "1.3.1", |
| "id": "GO-2024-3302", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2024-53259", |
| "GHSA-px8v-pp82-rcvr" |
| ], |
| "summary": "ICMP Packet Too Large Injection Attack on Linux in github.com/quic-go/quic-go", |
| "details": "ICMP Packet Too Large Injection Attack on Linux in github.com/quic-go/quic-go", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/quic-go/quic-go", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.48.2" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/quic-go/quic-go", |
| "goos": [ |
| "linux" |
| ], |
| "symbols": [ |
| "Dial", |
| "DialAddr", |
| "DialAddrEarly", |
| "DialEarly", |
| "Listen", |
| "ListenAddr", |
| "ListenAddrEarly", |
| "ListenEarly", |
| "StreamError.Error", |
| "Transport.Close", |
| "Transport.Dial", |
| "Transport.DialEarly", |
| "Transport.Listen", |
| "Transport.ListenEarly", |
| "Transport.ReadNonQUICPacket", |
| "Transport.WriteTo", |
| "connIDGenerator.RemoveAll", |
| "connIDGenerator.ReplaceWithClosed", |
| "connIDGenerator.Retire", |
| "connIDGenerator.SetHandshakeComplete", |
| "connIDGenerator.SetMaxActiveConnIDs", |
| "connIDManager.Add", |
| "connIDManager.AddFromPreferredAddress", |
| "connIDManager.Get", |
| "connMultiplexer.RemoveConn", |
| "connection.AcceptStream", |
| "connection.AcceptUniStream", |
| "connection.CloseWithError", |
| "connection.OpenStream", |
| "connection.OpenStreamSync", |
| "connection.OpenUniStream", |
| "connection.OpenUniStreamSync", |
| "cryptoStream.HandleCryptoFrame", |
| "cryptoStreamManager.Drop", |
| "cryptoStreamManager.GetCryptoData", |
| "cryptoStreamManager.HandleCryptoFrame", |
| "datagramQueue.HandleDatagramFrame", |
| "framer.AppendControlFrames", |
| "mtuFinderAckHandler.OnAcked", |
| "oobConn.ReadPacket", |
| "packetHandlerMap.Add", |
| "packetHandlerMap.AddWithConnID", |
| "packetHandlerMap.Close", |
| "packetHandlerMap.GetStatelessResetToken", |
| "packetHandlerMap.Remove", |
| "packetHandlerMap.ReplaceWithClosed", |
| "packetHandlerMap.Retire", |
| "packetPacker.AppendPacket", |
| "packetPacker.MaybePackProbePacket", |
| "packetPacker.PackAckOnlyPacket", |
| "packetPacker.PackApplicationClose", |
| "packetPacker.PackCoalescedPacket", |
| "packetPacker.PackConnectionClose", |
| "packetPacker.PackMTUProbePacket", |
| "packetUnpacker.UnpackLongHeader", |
| "packetUnpacker.UnpackShortHeader", |
| "receiveStream.CancelRead", |
| "receiveStream.Read", |
| "retransmissionQueue.DropPackets", |
| "sconn.Write", |
| "sendQueue.Run", |
| "sendStream.CancelWrite", |
| "sendStream.Close", |
| "sendStream.Write", |
| "setDF", |
| "stream.Close", |
| "streamsMap.AcceptStream", |
| "streamsMap.AcceptUniStream", |
| "streamsMap.DeleteStream", |
| "streamsMap.GetOrOpenReceiveStream", |
| "streamsMap.GetOrOpenSendStream", |
| "streamsMap.OpenStream", |
| "streamsMap.OpenStreamSync", |
| "streamsMap.OpenUniStream", |
| "streamsMap.OpenUniStreamSync" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "ADVISORY", |
| "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/quic-go/quic-go/pull/4729" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/quic-go/quic-go/releases/tag/v0.48.2" |
| }, |
| { |
| "type": "REPORT", |
| "url": "https://datatracker.ietf.org/doc/draft-seemann-tsvwg-udp-fragmentation/" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2024-3302", |
| "review_status": "REVIEWED" |
| } |
| } |
