| { |
| "schema_version": "1.3.1", |
| "id": "GO-2025-4017", |
| "modified": "0001-01-01T00:00:00Z", |
| "published": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2025-59530", |
| "GHSA-47m2-4cr7-mhcw" |
| ], |
| "summary": "Panic occurs when queuing undecryptable packets after handshake completion in github.com/quic-go/quic-go", |
| "details": "Panic occurs when queuing undecryptable packets after handshake completion in github.com/quic-go/quic-go", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/quic-go/quic-go", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "0.49.1" |
| }, |
| { |
| "introduced": "0.50.0" |
| }, |
| { |
| "fixed": "0.54.1" |
| } |
| ] |
| } |
| ], |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/quic-go/quic-go", |
| "symbols": [ |
| "Conn.handleHandshakeConfirmed", |
| "Dial", |
| "DialAddr", |
| "DialAddrEarly", |
| "DialEarly", |
| "Listen", |
| "ListenAddr", |
| "ListenAddrEarly", |
| "ListenEarly", |
| "Transport.Dial", |
| "Transport.DialEarly", |
| "Transport.Listen", |
| "Transport.ListenEarly" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "ADVISORY", |
| "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/quic-go/quic-go/pull/5354" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685" |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2025-4017", |
| "review_status": "REVIEWED" |
| } |
| } |
