{"id":"GO-2025-4017","summary":"Panic occurs when queuing undecryptable packets after handshake completion in github.com/quic-go/quic-go","details":"Panic occurs when queuing undecryptable packets after handshake completion in github.com/quic-go/quic-go","aliases":["CVE-2025-59530","GHSA-47m2-4cr7-mhcw"],"modified":"2026-02-04T02:57:00.946884Z","published":"2025-11-05T18:41:07Z","related":["CGA-8h2r-m9j3-fwcq"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-4017"},"references":[{"type":"ADVISORY","url":"https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/bc5bccf10fd02728eef150683eb4dfaa5c0e749c"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42"},{"type":"FIX","url":"https://github.com/quic-go/quic-go/pull/5354"},{"type":"WEB","url":"https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685"}],"affected":[{"package":{"name":"github.com/quic-go/quic-go","ecosystem":"Go","purl":"pkg:golang/github.com/quic-go/quic-go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.49.1"},{"introduced":"0.50.0"},{"fixed":"0.54.1"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/quic-go/quic-go","symbols":["Conn.handleHandshakeConfirmed","Dial","DialAddr","DialAddrEarly","DialEarly","Listen","ListenAddr","ListenAddrEarly","ListenEarly","Transport.Dial","Transport.DialEarly","Transport.Listen","Transport.ListenEarly"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4017.json"}}],"schema_version":"1.7.3"}