5 matches found

NVD
added 2020/04/19 8:15 p.m., 9 views

CVE-2019-20786

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...

9.8 CVSS, 9.4 AI score, 0.0122 EPSS
Exploits: 1, References: 4

OSV
added 2020/04/19 8:15 p.m., 13 views

CVE-2019-20786

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...

9.8 CVSS, 6.9 AI score
Exploits: 0, References: 4

Cvelist
added 2020/04/19 7:57 p.m., 10 views

CVE-2019-20786

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...

9.4 AI score, 0.0122 EPSS
Exploits: 1, References: 4

CVE
added 2020/04/19 7:57 p.m., 68 views

CVE-2019-20786

CVE-2019-20786 (Pion DTLS) : The vulnerability exists in handleIncomingPacket (conn.go) of Pion DTLS prior to 1.5.2, which does not check application data with epoch 0. This allows remote attackers to inject arbitrary unencrypted data after the DTLS handshake. Affected software: Pion DTLS (versio...

9.8 CVSS, 9.3 AI score, 0.0122 EPSS
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2019/09/06 5:22 a.m., 21 views

Denial Of Service (DoS)

github.com/gorilla/websocket is vulnerable to denial of service (DoS). An integer overflow in conn.go when parsing WebSocket frames allows a remote attacker to cause the server to consume an excessive amount of memory, resulting in an application crash when the server runs out of memory...

7.5 CVSS, 6.1 AI score, 0.00177 EPSS
Exploits: 0, References: 6, Affected Software: 3