Lookup for vulnerable packages by Package URL.

Purl pkg:golang/github.com/quic-go/quic-go@0.37.3
Type golang
Namespace github.com/quic-go
Name quic-go
Version 0.37.3
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 0.37.7
Latest_non_vulnerable_version 0.57.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-sc4h-pbrk-duf6
vulnerability_id VCID-sc4h-pbrk-duf6
summary
quic-go vulnerable to pointer dereference that can lead to panic
quic-go is an implementation of the [QUIC](https://datatracker.ietf.org/doc/html/rfc9000) transport protocol in Go. By serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space.

**Impact**

An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets.

**Patches**

[v0.37.3](https://github.com/quic-go/quic-go/releases/tag/v0.37.3) contains a patch. Versions before v0.37.0 are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46239
reference_id
reference_type
scores
0
value 0.0043
scoring_system epss
scoring_elements 0.62542
published_at 2026-04-04T12:55:00Z
1
value 0.0043
scoring_system epss
scoring_elements 0.62612
published_at 2026-04-29T12:55:00Z
2
value 0.0043
scoring_system epss
scoring_elements 0.62616
published_at 2026-04-26T12:55:00Z
3
value 0.0043
scoring_system epss
scoring_elements 0.626
published_at 2026-04-24T12:55:00Z
4
value 0.0043
scoring_system epss
scoring_elements 0.62588
published_at 2026-04-21T12:55:00Z
5
value 0.0043
scoring_system epss
scoring_elements 0.62606
published_at 2026-04-18T12:55:00Z
6
value 0.0043
scoring_system epss
scoring_elements 0.62601
published_at 2026-04-16T12:55:00Z
7
value 0.0043
scoring_system epss
scoring_elements 0.62581
published_at 2026-04-12T12:55:00Z
8
value 0.0043
scoring_system epss
scoring_elements 0.62593
published_at 2026-04-11T12:55:00Z
9
value 0.0043
scoring_system epss
scoring_elements 0.62575
published_at 2026-04-09T12:55:00Z
10
value 0.0043
scoring_system epss
scoring_elements 0.6251
published_at 2026-04-02T12:55:00Z
11
value 0.0043
scoring_system epss
scoring_elements 0.62559
published_at 2026-04-13T12:55:00Z
12
value 0.0043
scoring_system epss
scoring_elements 0.62507
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46239
1
reference_url https://github.com/quic-go/quic-go
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go
2
reference_url https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617
3
reference_url https://github.com/quic-go/quic-go/releases/tag/v0.37.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/releases/tag/v0.37.3
4
reference_url https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46239
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46239
fixed_packages
0
url pkg:golang/github.com/quic-go/quic-go@0.37.3
purl pkg:golang/github.com/quic-go/quic-go@0.37.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/quic-go/quic-go@0.37.3
aliases CVE-2023-46239, GHSA-3q6m-v84f-6p9h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sc4h-pbrk-duf6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/quic-go/quic-go@0.37.3