| { |
| "id": "GO-2021-0104", |
| "published": "2021-07-28T18:08:05Z", |
| "modified": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2021-28681", |
| "GHSA-74xm-qj29-cq8p" |
| ], |
| "details": "Due to improper error handling, DTLS connections were not killed when certificate verification\nfailed, causing users who did not check the connection state to continue to use the connection.\nThis could allow allow an attacker which holds the ICE password, but not a valid certificate,\nto bypass this restriction.\n", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/pion/webrtc/v3", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "3.0.15" |
| } |
| ] |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2021-0104" |
| }, |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/pion/webrtc/v3", |
| "symbols": [ |
| "DTLSTransport.Start", |
| "PeerConnection.AddTrack", |
| "PeerConnection.AddTransceiverFromTrack", |
| "PeerConnection.CreateDataChannel", |
| "PeerConnection.RemoveTrack", |
| "PeerConnection.SetLocalDescription", |
| "PeerConnection.SetRemoteDescription", |
| "operations.Done", |
| "operations.Enqueue" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://github.com/pion/webrtc/pull/1709" |
| }, |
| { |
| "type": "FIX", |
| "url": "https://github.com/pion/webrtc/commit/545613dcdeb5dedb01cce94175f40bcbe045df2e" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/pion/webrtc/issues/1708" |
| } |
| ] |
| } |
