4 matches found
Ubuntu 22.04 LTS : Snowflake vulnerabilities (USN-7966-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7966-1 advisory. It was discovered that Pion DTLS, vendored in Snowflake, did not impose a limit on the amount of data that was buffered during the handshake. An attacker...
CVE-2022-29190 Header reconstruction method can be thrown into an infinite loop in Pion DTLS
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...
CVE-2022-29190 Header reconstruction method can be thrown into an infinite loop in Pion DTLS
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...
CVE-2022-29190
Pion DTLS (Go) before v2.1.4 is vulnerable to an infinite-loop processing bug that an attacker can trigger, potentially causing a denial of service (availability impact high). The issue is fixed in v2.1.4. Multiple advisories (Ubuntu USN-7966-1/2, OSS vulnerabilities, Nessus/OSV entries) corrobor...