7 matches found
GO-2023-1534 Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2
Unmarshalling a Hello Verify request can panic, which could allow a denial of service...
Denial Of Service (DoS)
github.com/pion/dtls is vulnerable to Denial Of Service DoS. The vulnerability exists in the Unmarshal function which tries to unmarshal into buffer to small via a Hello Verify request message which allows an attacker to cause an application crash...
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2
Impact During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. is could result in a panic leading the program to crash. This issue could be abused to cause a denial of service. Workaround None, upgrade to 2.2.4...
GHSA-4XGV-J62Q-H3RJ Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2
Impact During the unmarshalling of a hello verify request we could try to unmarshal into too small a buffer. is could result in a panic leading the program to crash. This issue could be abused to cause a denial of service. Workaround None, upgrade to 2.2.4...
GHSA-HXP2-XQF3-V83H Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2
Impact When attempting to unmarshal a Server Hello request we could attempt to unmarshal into a buffer that was too small. This could result in a panic leading the program to crash. This issue could be abused to cause a denial of service. Workaround None...
GHSA-QQ3J-44GW-CF6R Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch
In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other pee...
CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...