CNNVD-202510-1438 Information

CNNVD ID

CNNVD-202510-1438

Related CVE

CVE-2025-59530

• CNNVD Published: 2025-10-10

Description (Chinese)

quic-go是Lucas Clemente个人开发者的一种 QUIC 协议、RFC 9000协议在 Go 中的实现。 quic-go 0.49.0之前版本、0.54.1之前版本和0.55.0之前版本存在安全漏洞，该漏洞源于断言失败处理不当，可能导致拒绝服务攻击。

Description (English)

Quic-go is a QUIC protocol for Lucas Clemente’s personal developers, and the RFC 9000 agreement is implemented in Go. There is a security loophole in the pre-qic-go 0.49.0, pre-054.1 and pre-055.05, which stems from the assertion that failure to deal with it may lead to denial of service attacks.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-10

Last Modified

2026-02-24

References

https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw https://github.com/quic-go/quic-go/pull/5354 https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685 https://vigilance.fr/vulnerability/quic-go-assertion-error-via-HANDSHAKE-DONE-48812

Patch

https://github.com/quic-go/quic-go/releases