| module: github.com/pion/dtls |
| versions: |
| - fixed: v1.5.2 |
| description: | |
| An attacker can craft records that allow the processing of arbitrary |
| unencrypted application data at any point after the initial handshake |
| is completed. |
| published: 2021-04-14T12:00:00Z |
| cve: CVE-2019-20786 |
| symbols: |
| - Conn.handleIncomingPacket |
| links: |
| pr: https://github.com/pion/dtls/pull/128 |
| commit: https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0 |
| context: |
| - https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf |