Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-sc4h-pbrk-duf6
Summary
quic-go vulnerable to pointer dereference that can lead to panic
quic-go is an implementation of the [QUIC](https://datatracker.ietf.org/doc/html/rfc9000) transport protocol in Go. By serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space.

**Impact**

An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets.

**Patches**

[v0.37.3](https://github.com/quic-go/quic-go/releases/tag/v0.37.3) contains a patch. Versions before v0.37.0 are not affected.
Aliases
0
alias CVE-2023-46239
1
alias GHSA-3q6m-v84f-6p9h
Fixed_packages
0
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18gf-znwv-aubu
1
vulnerability VCID-3vjt-1se3-rbhc
2
vulnerability VCID-apqf-t7ew-5fgw
3
vulnerability VCID-qatc-a78d-8ufh
4
vulnerability VCID-tw5q-cn78-vyda
5
vulnerability VCID-u6kw-zxc9-q7gg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18gf-znwv-aubu
1
vulnerability VCID-3vjt-1se3-rbhc
2
vulnerability VCID-apqf-t7ew-5fgw
3
vulnerability VCID-qatc-a78d-8ufh
4
vulnerability VCID-tw5q-cn78-vyda
5
vulnerability VCID-u6kw-zxc9-q7gg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-apqf-t7ew-5fgw
1
vulnerability VCID-qatc-a78d-8ufh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2%3Fdistro=trixie
4
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2%3Fdistro=trixie
5
url pkg:golang/github.com/quic-go/quic-go@0.37.3
purl pkg:golang/github.com/quic-go/quic-go@0.37.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/quic-go/quic-go@0.37.3
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46239
reference_id
reference_type
scores
0
value 0.0043
scoring_system epss
scoring_elements 0.62542
published_at 2026-04-04T12:55:00Z
1
value 0.0043
scoring_system epss
scoring_elements 0.62612
published_at 2026-04-29T12:55:00Z
2
value 0.0043
scoring_system epss
scoring_elements 0.62616
published_at 2026-04-26T12:55:00Z
3
value 0.0043
scoring_system epss
scoring_elements 0.626
published_at 2026-04-24T12:55:00Z
4
value 0.0043
scoring_system epss
scoring_elements 0.62588
published_at 2026-04-21T12:55:00Z
5
value 0.0043
scoring_system epss
scoring_elements 0.62606
published_at 2026-04-18T12:55:00Z
6
value 0.0043
scoring_system epss
scoring_elements 0.62601
published_at 2026-04-16T12:55:00Z
7
value 0.0043
scoring_system epss
scoring_elements 0.62581
published_at 2026-04-12T12:55:00Z
8
value 0.0043
scoring_system epss
scoring_elements 0.62593
published_at 2026-04-11T12:55:00Z
9
value 0.0043
scoring_system epss
scoring_elements 0.62575
published_at 2026-04-09T12:55:00Z
10
value 0.0043
scoring_system epss
scoring_elements 0.6251
published_at 2026-04-02T12:55:00Z
11
value 0.0043
scoring_system epss
scoring_elements 0.62559
published_at 2026-04-13T12:55:00Z
12
value 0.0043
scoring_system epss
scoring_elements 0.62507
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46239
1
reference_url https://github.com/quic-go/quic-go
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go
2
reference_url https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617
3
reference_url https://github.com/quic-go/quic-go/releases/tag/v0.37.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/releases/tag/v0.37.3
4
reference_url https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46239
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46239
Weaknesses
0
cwe_id 248
name Uncaught Exception
description An exception is thrown from a function, but it is not caught.
1
cwe_id 476
name NULL Pointer Dereference
description A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-sc4h-pbrk-duf6