modules:
  - module: github.com/pion/dtls/v2
    versions:
      - fixed: 2.1.4
    vulnerable_at: 2.1.3
    packages:
      - package: github.com/pion/dtls/v2
        symbols:
          - fragmentBuffer.push
        derived_symbols:
          - Client
          - ClientWithContext
          - Dial
          - DialWithContext
          - Resume
          - Server
          - ServerWithContext
          - handshakeFSM.Run
          - listener.Accept
description: |
    Attacker can cause unbounded memory consumption.
    The Pion DTLS client and server buffer handshake data with no
    upper limit, permitting an attacker to cause unbounded memory
    consumption by sending an unterminated handshake.
published: 2022-07-01T20:07:25Z
cves:
  - CVE-2022-29189
ghsas:
  - GHSA-cx94-mrg9-rq4j
references:
  - fix: https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de