5 matches found
Ubuntu 22.04 LTS : Snowflake vulnerabilities (USN-7966-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7966-1 advisory. It was discovered that Pion DTLS, vendored in Snowflake, did not impose a limit on the amount of data that was buffered during the handshake. An attacker...
Linux Distros Unpatched Vulnerability : CVE-2022-29189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper...
CVE-2022-29189 Buffer for inbound DTLS fragments has no limit
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...
CVE-2022-29189
The CVE concerns Pion DTLS (Go DTLS) prior to version 2.1.4, where an inbound-buffer for handshake data had no upper limit, allowing an attacker to cause unbounded memory growth and potential denial of service during the handshake. Concrete evidence in connected sources shows the issue is fixed i...
CVE-2022-29189 Buffer for inbound DTLS fragments has no limit
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...