CVE-2022-29189

Опубликовано: 21 мая 2022

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 5.3

Описание

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
esm-apps/bionic	not-affected	code not present
esm-apps/xenial	not-affected	code not present
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
devel	not-affected	code not present
esm-apps/jammy	released	1.1.0-2ubuntu0.1+esm2
esm-apps/noble	not-affected	code not present
jammy	needed
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage
noble	not-affected	code not present
oracular	ignored	end of life, was needs-triage
plucky	not-affected	code not present

Показывать по

Релиз	Статус	Примечание
devel	DNE
esm-apps/jammy	released	1.21.4+ds1-0ubuntu2+esm2
impish	ignored	end of life
jammy	needed
kinetic	ignored	end of life, was needs-triage
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage
noble	DNE
oracular	DNE
plucky	DNE

Показывать по

Ссылки на источники

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2022-29189

CVSS3: 5.3

nvd

больше 3 лет назад

CVE-2022-29189

CVSS3: 5.3

debian

больше 3 лет назад

Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...

GHSA-cx94-mrg9-rq4j

CVSS3: 5.3

github

больше 3 лет назад

Pion/DTLS contains buffer for inbound DTLS fragments with no limit

5 Medium

CVSS2

5.3 Medium

CVSS3

CVE-2022-29189

Описание

Пакет pion

Пакет snowflake

Пакет telegraf

Ссылки на источники

Связанные уязвимости