Detections
Analytics

CVE-2022-29189

medium

Description

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

References

https://github.com/pion/dtls/security/advisories/GHSA-cx94-mrg9-rq4j

https://github.com/pion/dtls/releases/tag/v2.1.4

https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de

Details

Source: Mitre, NVD

Published: 2022-05-21

Updated: 2022-06-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: Medium

EPSS

EPSS: 0.00285