QID 982031
QID 982031: Go (go) Security Update for github.com/pion/dtls (GHSA-7gfg-6934-mqq2)
handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-7gfg-6934-mqq2 for updates pertaining to this vulnerability.
Vendor References
- GHSA-7gfg-6934-mqq2 -
github.com/advisories/GHSA-7gfg-6934-mqq2
CVEs related to QID 982031
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-7gfg-6934-mqq2 | github.com/pion/dtls |
|