data/reports/GO-2022-0461.yaml - vulndb - Git at Google

 id: GO-2022-0461
 modules:
     - module: github.com/pion/dtls/v2
       versions:
         - fixed: 2.1.4
       vulnerable_at: 2.1.3
       packages:
         - package: github.com/pion/dtls/v2
           symbols:
             - fragmentBuffer.push
           derived_symbols:
             - Client
             - ClientWithContext
             - Dial
             - DialWithContext
             - Resume
             - Server
             - ServerWithContext
             - handshakeFSM.Run
             - listener.Accept
 summary: Unbounded memory consumption in github.com/pion/dtls/v2
 description: |-
     Attacker can cause unbounded memory consumption.

     The Pion DTLS client and server buffer handshake data with no upper limit,
     permitting an attacker to cause unbounded memory consumption by sending an
     unterminated handshake.
 published: 2022-07-01T20:07:25Z
 cves:
     - CVE-2022-29189
 ghsas:
     - GHSA-cx94-mrg9-rq4j
 references:
     - fix: https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de
	id: GO-2022-0461
	modules:
	- module: github.com/pion/dtls/v2
	versions:
	- fixed: 2.1.4
	vulnerable_at: 2.1.3
	packages:
	- package: github.com/pion/dtls/v2
	symbols:
	- fragmentBuffer.push
	derived_symbols:
	- Client
	- ClientWithContext
	- Dial
	- DialWithContext
	- Resume
	- Server
	- ServerWithContext
	- handshakeFSM.Run
	- listener.Accept
	summary: Unbounded memory consumption in github.com/pion/dtls/v2
	description: \|-
	Attacker can cause unbounded memory consumption.

	The Pion DTLS client and server buffer handshake data with no upper limit,
	permitting an attacker to cause unbounded memory consumption by sending an
	unterminated handshake.
	published: 2022-07-01T20:07:25Z
	cves:
	- CVE-2022-29189
	ghsas:
	- GHSA-cx94-mrg9-rq4j
	references:
	- fix: https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de