{"id":"GO-2024-2459","summary":"Denial of service via path validation in github.com/quic-go/quic-go","details":"Denial of service via path validation in github.com/quic-go/quic-go","aliases":["CVE-2023-49295","GHSA-ppxx-5m9h-6vxf"],"modified":"2026-02-04T02:21:26.555844Z","published":"2024-01-23T17:04:50Z","related":["CGA-v3mj-2pqh-vj38"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2459","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49295"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/17fc98c2d81dbe685c19702dc694a9d606ac56dc"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/21609ddfeff93668c7625a85eb09f1541fdad965"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/3a9c18bcd27a01c551ac9bf8bd2b4bded77c189a"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/554d543b50b917369fb1394cc5396d928166cf49"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/6cc3d58935426191296171a6c0d1ee965e10534e"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/9aaefe19fc3dc8c8917cc87e6128bb56d9e9e6cc"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/a0ffa757499913f7be69aa78f573a6aee3430ae4"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/d7aa627ebde91cf799ada2a07443faa9b1e5abb8"},{"type":"WEB","url":"https://seemann.io/posts/2023-12-18-exploiting-quics-path-validation/"}],"affected":[{"package":{"name":"github.com/quic-go/quic-go","ecosystem":"Go","purl":"pkg:golang/github.com/quic-go/quic-go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.37.7"},{"introduced":"0.38.0"},{"fixed":"0.38.2"},{"introduced":"0.39.0"},{"fixed":"0.39.4"},{"introduced":"0.40.0"},{"fixed":"0.40.1"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2459.json"}}],"schema_version":"1.7.3"}