New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Go

Memory exhaustion in QUIC connection handling in crypto/tls

GO-2023-2045 · BIT-golang-2023-39322 · CVE-2023-39322

Published · Modified

Description

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth.

With fix, connections now consistently reject messages larger than 65KiB in size.

Ready to move

Start Securing

Free, no credit card | First findings in minutes