Quic-Go · Quic-Go · CVE-2025-59530
**Name of the Vulnerable Software and Affected Versions**
quic-go versions prior to 0.49.0
quic-go versions prior to 0.54.1
quic-go versions prior to 0.55.0
**Description**
quic-go is an implementation of the QUIC protocol in Go. In affected versions, a malicious or misbehaving server can cause a denial of service (DoS) in the quic-go client by triggering an assertion failure, which crashes the process. The issue is exploitable during the handshake phase and does not require authentication. Specifically, the vulnerability stems from improper handling of the `HANDSHAKE_DONE` frame: a server that sends a `HANDSHAKE_DONE` frame prematurely can trigger it. This has been observed in real-world attacks with certain server implementations.
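The failure class described above, as an added example that is not quic-go's code: a simplified client model in which a premature `HANDSHAKE_DONE` either reaches an internal assertion (process crash) or is rejected with a connection-level error. The type, function and error names are hypothetical, and returning an error is one reasonable hardening assumed here, not a description of the project's actual patch.

```go
package main

import (
	"errors"
	"fmt"
)

// client is a simplified model of a QUIC client's handshake state
// (hypothetical names, not quic-go's internal types).
type client struct {
	handshakeComplete  bool // local TLS handshake has finished
	handshakeConfirmed bool // peer confirmed it via HANDSHAKE_DONE
}

var errProtocolViolation = errors.New("PROTOCOL_VIOLATION: HANDSHAKE_DONE before handshake completion")

// handleHandshakeDoneAsserting models the vulnerable pattern: peer-controlled
// input reaches an internal assertion, so one bad frame kills the process.
func (c *client) handleHandshakeDoneAsserting() {
	if !c.handshakeComplete {
		panic("assertion failed: HANDSHAKE_DONE before handshake completion")
	}
	c.handshakeConfirmed = true
}

// handleHandshakeDoneChecked validates state first and returns an error the
// caller can use to close only this connection (assumed hardening).
func (c *client) handleHandshakeDoneChecked() error {
	if !c.handshakeComplete {
		return errProtocolViolation
	}
	c.handshakeConfirmed = true
	return nil
}

// crashes reports whether f panics, standing in for a process crash.
func crashes(f func()) (panicked bool) {
	defer func() { panicked = recover() != nil }()
	f()
	return false
}

func main() {
	// A fresh client has not completed the handshake: the frame is premature.
	fmt.Println("asserting handler crashes:", crashes((&client{}).handleHandshakeDoneAsserting))
	fmt.Println("checked handler returns:", (&client{}).handleHandshakeDoneChecked())
}
```
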
**Recommendations**
Update to quic-go version 0.49.0 or later.
Update to quic-go version 0.54.1 or later.
Update to quic-go version 0.55.0 or later.