Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/golang-github-lucas-clemente-quic-go@0?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-sc4h-pbrk-duf6 quic-go vulnerable to pointer dereference that can lead to panic quic-go is an implementation of the [QUIC](https://datatracker.ietf.org/doc/html/rfc9000) transport protocol in Go. By serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. **Impact** An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. **Patches** [v0.37.3](https://github.com/quic-go/quic-go/releases/tag/v0.37.3) contains a patch. Versions before v0.37.0 are not affected. CVE-2023-46239
GHSA-3q6m-v84f-6p9h

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-01T23:25:15.533905+00:00 Debian Importer Fixing VCID-sc4h-pbrk-duf6 https://security-tracker.debian.org/tracker/data/json 38.6.0
2026-04-16T10:55:43.893409+00:00 Debian Importer Fixing VCID-sc4h-pbrk-duf6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T07:24:32.812044+00:00 Debian Importer Fixing VCID-sc4h-pbrk-duf6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:25:43.728730+00:00 Debian Importer Fixing VCID-sc4h-pbrk-duf6 https://security-tracker.debian.org/tracker/data/json 38.1.0