Headline
GHSA-4xgv-j62q-h3rj: Pion DTLS is vulnerable to panic via Hello Verify Request unmarshal
Impact
During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. is could result in a panic leading the program to crash.
This issue could be abused to cause a denial of service.
Workaround
None, upgrade to 2.2.4
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-4xgv-j62q-h3rj
Pion DTLS is vulnerable to panic via Hello Verify Request unmarshal
Moderate severity GitHub Reviewed Published Feb 5, 2023 in pion/dtls • Updated Feb 7, 2023
Package
gomod github.com/pion/dtls (Go)
Affected versions
< 2.2.4
Impact
During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. is could result in a panic leading the program to crash.
This issue could be abused to cause a denial of service.
Workaround
None, upgrade to 2.2.4
References
- GHSA-4xgv-j62q-h3rj
- pion/dtls@a50d26c
Published to the GitHub Advisory Database
Feb 7, 2023