Vulnerability Description
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pion | Dtls | < 2.1.4 |
Related Weaknesses (CWE)
References
- https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1dePatchThird Party Advisory
- https://github.com/pion/dtls/releases/tag/v2.1.4Third Party Advisory
- https://github.com/pion/dtls/security/advisories/GHSA-cx94-mrg9-rq4jThird Party Advisory
- https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1dePatchThird Party Advisory
- https://github.com/pion/dtls/releases/tag/v2.1.4Third Party Advisory
- https://github.com/pion/dtls/security/advisories/GHSA-cx94-mrg9-rq4jThird Party Advisory
FAQ
What is CVE-2022-29189?
CVE-2022-29189 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network...
How severe is CVE-2022-29189?
CVE-2022-29189 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-29189?
Check the references section above for vendor advisories and patch information. Affected products include: Pion Dtls.