Fluid Attacks Database

Description

Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2

Impact

During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. is could result in a panic leading the program to crash.

This issue could be abused to cause a denial of service.

Workaround

None, upgrade to 2.2.4

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/pion/dtls	>=0 <=1.5.4	-
go	github.com/pion/dtls/v2	>=0 <2.2.4	2.2.4

Aliases

1. GHSA-4xgv-j62q-h3rj2. GCVE-GHSA-4xgv-j62q-h3rj

References

1. https://github.com/pion/dtls/security/advisories/GHSA-4xgv-j62q-h3rj2. https://github.com/pion/dtls/commit/a50d26c5e4eed2ca87509494ffef2d2ebd22b1eb3. https://pkg.go.dev/vuln/GO-2023-1534

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.