blob: d99136ed56bd5afc3c7b8fc316a42cee207280bb [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2022-0461",
"modified": "0001-01-01T00:00:00Z",
"published": "2022-07-01T20:07:25Z",
"aliases": [
"CVE-2022-29189",
"GHSA-cx94-mrg9-rq4j"
],
"summary": "Unbounded memory consumption in github.com/pion/dtls/v2",
"details": "Attacker can cause unbounded memory consumption.\n\nThe Pion DTLS client and server buffer handshake data with no upper limit, permitting an attacker to cause unbounded memory consumption by sending an unterminated handshake.",
"affected": [
{
"package": {
"name": "github.com/pion/dtls/v2",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/pion/dtls/v2",
"symbols": [
"Client",
"ClientWithContext",
"Dial",
"DialWithContext",
"Resume",
"Server",
"ServerWithContext",
"fragmentBuffer.push",
"handshakeFSM.Run",
"listener.Accept"
]
}
]
}
}
],
"references": [
{
"type": "FIX",
"url": "https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0461",
"review_status": "REVIEWED"
}
}