CVE-2023-39321

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

Affected Software

Name	Vendor	Start Version	End Version
Go	Golang	1.21.0 (including)	1.21.1 (excluding)
Cryostat 2 on RHEL 8	RedHat	cryostat-tech-preview/cryostat-rhel8-operator:2.3.1-11	*
Migration Toolkit for Virtualization 2.5	RedHat	migration-toolkit-virtualization/mtv-api-rhel9:2.5.3-11	*
NETWORK-OBSERVABILITY-1.4.0-RHEL-9	RedHat	network-observability/network-observability-rhel9-operator:v1.4.0-51	*
OADP-1.1-RHEL-8	RedHat	oadp/oadp-velero-rhel8:1.1.7-6	*
OSSO-1.2-RHEL-8	RedHat	openshift-secondary-scheduler-operator/secondary-scheduler-operator-bundle:v1.2-8	*
OSSO-1.2-RHEL-8	RedHat	openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.2-13	*
Red Hat Ansible Automation Platform 2.4 for RHEL 8	RedHat	receptor-0:1.4.3-1.el8ap	*
Red Hat Ansible Automation Platform 2.4 for RHEL 9	RedHat	receptor-0:1.4.3-1.el9ap	*
Red Hat Enterprise Linux 8	RedHat	go-toolset:rhel8-8090020231013032436.26eb71ac	*
Red Hat Enterprise Linux 8	RedHat	container-tools:4.0-8090020231207142256.d7b6f4b7	*
Red Hat Enterprise Linux 8	RedHat	container-tools:rhel8-8100020240227110532.82888897	*
Red Hat Enterprise Linux 9	RedHat	golang-0:1.20.10-1.el9_3	*
Red Hat Enterprise Linux 9	RedHat	skopeo-2:1.13.3-3.el9_3	*
Red Hat Enterprise Linux 9	RedHat	runc-4:1.1.9-2.el9_3	*
Red Hat Enterprise Linux 9	RedHat	buildah-1:1.31.3-2.el9_3	*
Red Hat Enterprise Linux 9	RedHat	podman-2:4.6.1-7.el9_3	*
Red Hat Enterprise Linux 9	RedHat	containernetworking-plugins-1:1.3.0-6.el9_3	*
Red Hat Enterprise Linux 9	RedHat	git-lfs-0:3.6.1-1.el9	*
Red Hat Migration Toolkit for Containers 1.7	RedHat	rhmtc/openshift-velero-plugin-rhel8:v1.7.14-3	*
Red Hat OpenShift Container Platform 4.14	RedHat	buildah-1:1.29.1-10.1.rhaos4.14.el9	*
Red Hat OpenShift Container Platform 4.14	RedHat	conmon-3:2.1.7-3.1.rhaos4.14.el9	*
Red Hat OpenShift Container Platform 4.14	RedHat	containernetworking-plugins-0:1.0.1-11.1.rhaos4.14.el8	*
Red Hat OpenShift Container Platform 4.14	RedHat	podman-3:4.4.1-10.1.rhaos4.14.el8	*
Red Hat OpenShift Container Platform 4.14	RedHat	runc-4:1.1.9-2.1.rhaos4.14.el8	*
Red Hat OpenShift Container Platform 4.14	RedHat	skopeo-2:1.11.2-10.1.rhaos4.14.el9	*
Red Hat OpenShift Container Platform 4.14	RedHat	openshift-clients-0:4.14.0-202311031050.p0.g9b1e0d2.assembly.stream.el9	*
Red Hat OpenShift Container Platform 4.14	RedHat	microshift-0:4.14.0-202310261440.p0.g1586504.assembly.4.14.0.el9	*
Red Hat OpenStack Platform 16.1	RedHat	etcd-0:3.3.23-16.el8ost	*
Red Hat OpenStack Platform 16.2	RedHat	etcd-0:3.3.23-16.el8ost	*
RHODF-4.15-RHEL-9	RedHat	odf4/cephcsi-rhel9:v4.15.0-37	*
RODOO-1.0-RHEL-8	RedHat	run-once-duration-override-operator/run-once-duration-override-rhel8:v1.0-30	*
Service Interconnect 1 for RHEL 9	RedHat	service-interconnect/skupper-config-sync-rhel9:1.5.3-1	*
Service Interconnect 1 for RHEL 9	RedHat	service-interconnect/skupper-controller-podman-rhel9:1.5.3-1	*
Service Interconnect 1 for RHEL 9	RedHat	service-interconnect/skupper-flow-collector-rhel9:1.5.3-2	*
Service Interconnect 1 for RHEL 9	RedHat	service-interconnect/skupper-operator-bundle:1.5.3-3	*
Service Interconnect 1 for RHEL 9	RedHat	service-interconnect/skupper-router-rhel9:2.5.1-2	*
Service Interconnect 1 for RHEL 9	RedHat	service-interconnect/skupper-service-controller-rhel9:1.5.3-1	*
Service Interconnect 1 for RHEL 9	RedHat	service-interconnect/skupper-site-controller-rhel9:1.5.3-2	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-39321
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References