Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/golang-github-lucas-clemente-quic-go@0?distro=trixie
Typedeb
Namespacedebian
Namegolang-github-lucas-clemente-quic-go
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version0.38.2-1
Latest_non_vulnerable_version0.59.0-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-sc4h-pbrk-duf6
vulnerability_id VCID-sc4h-pbrk-duf6
summary 
quic-go vulnerable to pointer dereference that can lead to panic
quic-go is an implementation of the [QUIC](https://datatracker.ietf.org/doc/html/rfc9000) transport protocol in Go. By serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space.

**Impact**

An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets.

**Patches**

[v0.37.3](https://github.com/quic-go/quic-go/releases/tag/v0.37.3) contains a patch. Versions before v0.37.0 are not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46239
reference_id
reference_type
scores
0
value 0.0043
scoring_system epss
scoring_elements 0.62641
published_at 2026-05-12T12:55:00Z
1
value 0.0043
scoring_system epss
scoring_elements 0.62559
published_at 2026-04-13T12:55:00Z
2
value 0.0043
scoring_system epss
scoring_elements 0.62575
published_at 2026-04-09T12:55:00Z
3
value 0.0043
scoring_system epss
scoring_elements 0.62593
published_at 2026-04-11T12:55:00Z
4
value 0.0043
scoring_system epss
scoring_elements 0.62581
published_at 2026-04-12T12:55:00Z
5
value 0.0043
scoring_system epss
scoring_elements 0.62601
published_at 2026-04-16T12:55:00Z
6
value 0.0043
scoring_system epss
scoring_elements 0.62606
published_at 2026-04-18T12:55:00Z
7
value 0.0043
scoring_system epss
scoring_elements 0.62588
published_at 2026-04-21T12:55:00Z
8
value 0.0043
scoring_system epss
scoring_elements 0.626
published_at 2026-04-24T12:55:00Z
9
value 0.0043
scoring_system epss
scoring_elements 0.62616
published_at 2026-05-11T12:55:00Z
10
value 0.0043
scoring_system epss
scoring_elements 0.62612
published_at 2026-04-29T12:55:00Z
11
value 0.0043
scoring_system epss
scoring_elements 0.62563
published_at 2026-05-05T12:55:00Z
12
value 0.0043
scoring_system epss
scoring_elements 0.62611
published_at 2026-05-07T12:55:00Z
13
value 0.0043
scoring_system epss
scoring_elements 0.62662
published_at 2026-05-09T12:55:00Z
14
value 0.0043
scoring_system epss
scoring_elements 0.6251
published_at 2026-04-02T12:55:00Z
15
value 0.0043
scoring_system epss
scoring_elements 0.62542
published_at 2026-04-04T12:55:00Z
16
value 0.0043
scoring_system epss
scoring_elements 0.62507
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46239
1
reference_url https://github.com/quic-go/quic-go
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/quic-go/quic-go
2
reference_url https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617
3
reference_url https://github.com/quic-go/quic-go/releases/tag/v0.37.3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/releases/tag/v0.37.3
4
reference_url https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:36:38Z/
url https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46239
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46239
fixed_packages
0
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18gf-znwv-aubu
1
vulnerability VCID-3vjt-1se3-rbhc
2
vulnerability VCID-apqf-t7ew-5fgw
3
vulnerability VCID-qatc-a78d-8ufh
4
vulnerability VCID-tw5q-cn78-vyda
5
vulnerability VCID-u6kw-zxc9-q7gg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.19.3-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18gf-znwv-aubu
1
vulnerability VCID-3vjt-1se3-rbhc
2
vulnerability VCID-apqf-t7ew-5fgw
3
vulnerability VCID-qatc-a78d-8ufh
4
vulnerability VCID-tw5q-cn78-vyda
5
vulnerability VCID-u6kw-zxc9-q7gg
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.29.0-1%3Fdistro=trixie
3
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-apqf-t7ew-5fgw
1
vulnerability VCID-qatc-a78d-8ufh
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.50.1-2%3Fdistro=trixie
4
url pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2?distro=trixie
purl pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0.59.0-2%3Fdistro=trixie
aliases CVE-2023-46239, GHSA-3q6m-v84f-6p9h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sc4h-pbrk-duf6
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-lucas-clemente-quic-go@0%3Fdistro=trixie