GHSA-hxp2-xqf3-v83h

Опубликовано: 07 фев. 2023

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2

Impact

When attempting to unmarshal a Server Hello request we could attempt to unmarshal into a buffer that was too small. This could result in a panic leading the program to crash.

This issue could be abused to cause a denial of service.

Workaround

None

Ссылки

https://github.com/pion/dtls/security/advisories/GHSA-hxp2-xqf3-v83h
https://github.com/pion/dtls/commit/7a14903448b70069fd9e02adf210ca23083c56d2
https://pkg.go.dev/vuln/GO-2023-1535

Пакеты

Наименование

github.com/pion/dtls

Затронутые версииВерсия исправления

<= 1.5.4

Отсутствует

Наименование

github.com/pion/dtls/v2

Затронутые версииВерсия исправления

< 2.2.4

2.2.4

5.9 Medium

CVSS3

Дефекты

CWE-125

5.9 Medium

CVSS3

Дефекты

CWE-125