CVE-2019-20786

Опубликовано: 19 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.

Ссылки

https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
Patch
Third Party Advisory
https://github.com/pion/dtls/compare/v1.5.1...v1.5.2
Patch
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean
Third Party Advisory
https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf
Exploit
Third Party Advisory
https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
Patch
Third Party Advisory
https://github.com/pion/dtls/compare/v1.5.1...v1.5.2
Patch
Third Party Advisory
https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean
Third Party Advisory
https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pion:dtls:*:*:*:*:*:*:*:*

Версия до 1.5.2 (исключая)

EPSS

Процентиль: 79%

0.0122

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-7gfg-6934-mqq2