blob: 018cc0580f33f8426101c6746b6f9dde38a9e655 [file] [log] [blame]
id: GO-2022-0461
modules:
- module: github.com/pion/dtls/v2
versions:
- fixed: 2.1.4
vulnerable_at: 2.1.3
packages:
- package: github.com/pion/dtls/v2
symbols:
- fragmentBuffer.push
derived_symbols:
- Client
- ClientWithContext
- Dial
- DialWithContext
- Resume
- Server
- ServerWithContext
- handshakeFSM.Run
- listener.Accept
summary: Unbounded memory consumption in github.com/pion/dtls/v2
description: |-
Attacker can cause unbounded memory consumption.
The Pion DTLS client and server buffer handshake data with no upper limit,
permitting an attacker to cause unbounded memory consumption by sending an
unterminated handshake.
published: 2022-07-01T20:07:25Z
cves:
- CVE-2022-29189
ghsas:
- GHSA-cx94-mrg9-rq4j
references:
- fix: https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de
review_status: REVIEWED