blob: f2e86c896fe0f3158578011c46906cfbe8c38920 [file] [log] [blame]
module = "github.com/pion/dtls"
description = """
An attacker can craft records that allow the processing of arbitrary
unencrypted application data at any point after the initial handshake
is completed.
"""
cve = "CVE-2019-20786"
symbols = ["Conn.handleIncomingPacket"]
[[versions]]
fixed = "v1.5.2"
[links]
commit = "https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0"
pr = "https://github.com/pion/dtls/pull/128"
context = ["https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf"]