Headline
GHSA-hxp2-xqf3-v83h: Pion DTLS is vulnerable to out of bounds read via server hello
Impact
When attempting to unmarshal a Server Hello request, we could attempt to unmarshal into a buffer that was too small. This could result in a panic, leading the program to crash.
This issue could be abused to cause a denial of service.
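The failure mode described above, as an added example that is not code from pion/dtls: an unchecked parser panics on a truncated message, while a length-checked parser returns an error. The type and function names are hypothetical, and the field layout is a simplified (D)TLS 1.2 ServerHello prefix (version, random, session_id, cipher suite).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var errBufferTooSmall = errors.New("server hello: buffer too small")

// serverHello holds the leading fields of a (D)TLS 1.2 ServerHello body.
type serverHello struct {
	Version, CipherSuite uint16
	Random               [32]byte
	SessionID            []byte
}

// parseUnchecked trusts its input: a short buffer or oversized length byte panics.
func parseUnchecked(b []byte) (h serverHello) {
	h.Version = binary.BigEndian.Uint16(b[0:2])
	copy(h.Random[:], b[2:34])
	n := int(b[34])
	h.SessionID = append([]byte(nil), b[35:35+n]...)
	h.CipherSuite = binary.BigEndian.Uint16(b[35+n : 37+n])
	return h
}

// parseChecked validates each length first and returns an error instead.
func parseChecked(b []byte) (serverHello, error) {
	// version (2) + random (32) + length byte (1), then session_id + cipher suite (2)
	if len(b) < 35 || len(b) < 37+int(b[34]) {
		return serverHello{}, errBufferTooSmall
	}
	return parseUnchecked(b), nil
}

// panics reports whether parseUnchecked panics on b.
func panics(b []byte) (p bool) {
	defer func() { p = recover() != nil }()
	parseUnchecked(b)
	return false
}

func main() {
	short := append(make([]byte, 34, 35), 32) // constructed: claims 32-byte session_id, none follows
	_, err := parseChecked(short)
	fmt.Println(panics(short), err)
}
```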
Workaround
None
Moderate severity. GitHub Reviewed. Published Feb 5, 2023 in pion/dtls. Updated Feb 7, 2023.
Package
gomod github.com/pion/dtls (Go)
Affected versions
< 2.2.4
References
- GHSA-hxp2-xqf3-v83h
- pion/dtls@7a14903
Published to the GitHub Advisory Database
Feb 7, 2023