{"id":"GO-2024-3302","summary":"ICMP Packet Too Large Injection Attack on Linux in github.com/quic-go/quic-go","details":"ICMP Packet Too Large Injection Attack on Linux in github.com/quic-go/quic-go","aliases":["CVE-2024-53259","GHSA-px8v-pp82-rcvr"],"modified":"2026-02-04T04:13:29.531473Z","published":"2024-12-04T16:13:30Z","related":["CGA-x3gx-7wvx-m9cw"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-3302"},"references":[{"type":"ADVISORY","url":"https://github.com/quic-go/quic-go/security/advisories/GHSA-px8v-pp82-rcvr"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/ca31dd355cbe5fc6c5807992d9d1149c66c96a50"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/pull/4729"},{"type":"WEB","url":"https://github.com/quic-go/quic-go/releases/tag/v0.48.2"},{"type":"REPORT","url":"https://datatracker.ietf.org/doc/draft-seemann-tsvwg-udp-fragmentation/"}],"affected":[{"package":{"name":"github.com/quic-go/quic-go","ecosystem":"Go","purl":"pkg:golang/github.com/quic-go/quic-go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.48.2"}]}],"ecosystem_specific":{"imports":[{"symbols":["Dial","DialAddr","DialAddrEarly","DialEarly","Listen","ListenAddr","ListenAddrEarly","ListenEarly","StreamError.Error","Transport.Close","Transport.Dial","Transport.DialEarly","Transport.Listen","Transport.ListenEarly","Transport.ReadNonQUICPacket","Transport.WriteTo","connIDGenerator.RemoveAll","connIDGenerator.ReplaceWithClosed","connIDGenerator.Retire","connIDGenerator.SetHandshakeComplete","connIDGenerator.SetMaxActiveConnIDs","connIDManager.Add","connIDManager.AddFromPreferredAddress","connIDManager.Get","connMultiplexer.RemoveConn","connection.AcceptStream","connection.AcceptUniStream","connection.CloseWithError","connection.OpenStream","connection.OpenStreamSync","connection.OpenUniStream","connection.OpenUniStreamSync","cryptoStream.HandleCryptoFrame","cryptoStreamManager.Drop","cryptoStreamManager.GetCryptoData","cryptoStreamManager.HandleCryptoFrame","datagramQueue.HandleDatagramFrame","framer.AppendControlFrames","mtuFinderAckHandler.OnAcked","oobConn.ReadPacket","packetHandlerMap.Add","packetHandlerMap.AddWithConnID","packetHandlerMap.Close","packetHandlerMap.GetStatelessResetToken","packetHandlerMap.Remove","packetHandlerMap.ReplaceWithClosed","packetHandlerMap.Retire","packetPacker.AppendPacket","packetPacker.MaybePackProbePacket","packetPacker.PackAckOnlyPacket","packetPacker.PackApplicationClose","packetPacker.PackCoalescedPacket","packetPacker.PackConnectionClose","packetPacker.PackMTUProbePacket","packetUnpacker.UnpackLongHeader","packetUnpacker.UnpackShortHeader","receiveStream.CancelRead","receiveStream.Read","retransmissionQueue.DropPackets","sconn.Write","sendQueue.Run","sendStream.CancelWrite","sendStream.Close","sendStream.Write","setDF","stream.Close","streamsMap.AcceptStream","streamsMap.AcceptUniStream","streamsMap.DeleteStream","streamsMap.GetOrOpenReceiveStream","streamsMap.GetOrOpenSendStream","streamsMap.OpenStream","streamsMap.OpenStreamSync","streamsMap.OpenUniStream","streamsMap.OpenUniStreamSync"],"goos":["linux"],"path":"github.com/quic-go/quic-go"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-3302.json"}}],"schema_version":"1.7.3"}