Ubuntu.com (ubuntucve) UB:CVE-2022-29189
May 21, 2022 - 12:00 a.m.

CVE-2022-29189

Tags: pion dtls, datagram transport layer security, buffer overflow

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS: 0.004
Percentile: 74.6%

Pion DTLS is a Go implementation of Datagram Transport Layer Security.
Prior to version 2.1.4, a buffer that was used for inbound network traffic
had no upper limit. Pion DTLS would buffer all network traffic from the
remote user until the handshake completed or timed out. An attacker could
exploit this to cause excessive memory usage. Version 2.1.4 contains a
patch for this issue. There are currently no known workarounds available.
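
The following example is added here and is not Pion DTLS code or part of the original advisory. It models a pre-handshake inbound buffer with and without a byte cap, so the memory held for a peer that never completes the handshake can be compared. The type and function names, the 64 KiB limit and the 1200-byte datagrams are assumptions.

```go
package main

import "fmt"

// HandshakeBuffer holds datagrams that arrive before the handshake is done.
// All names and the byte limit are assumptions made for this example.
type HandshakeBuffer struct {
	MaxBytes int // <= 0 means no limit, the pre-2.1.4 behaviour described above
	used     int
	queue    [][]byte
}

// Push queues a copy of pkt and reports false when it was dropped at the cap.
func (b *HandshakeBuffer) Push(pkt []byte) bool {
	if b.MaxBytes > 0 && b.used+len(pkt) > b.MaxBytes {
		return false
	}
	b.queue = append(b.queue, append([]byte(nil), pkt...))
	b.used += len(pkt)
	return true
}

// Pop hands the oldest datagram to the handshake and frees its budget.
func (b *HandshakeBuffer) Pop() ([]byte, bool) {
	if len(b.queue) == 0 {
		return nil, false
	}
	pkt := b.queue[0]
	b.queue = b.queue[1:]
	b.used -= len(pkt)
	return pkt, true
}

// SimulateStalledPeer feeds n constructed datagrams while nothing drains them.
func SimulateStalledPeer(b *HandshakeBuffer, n, size int) (held, dropped int) {
	for i := 0; i < n; i++ {
		if !b.Push(make([]byte, size)) {
			dropped++
		}
	}
	return b.used, dropped
}

func main() {
	held, dropped := SimulateStalledPeer(&HandshakeBuffer{}, 1000, 1200)
	fmt.Println("unbounded:", held, "bytes held,", dropped, "dropped")
	held, dropped = SimulateStalledPeer(&HandshakeBuffer{MaxBytes: 64 << 10}, 1000, 1200)
	fmt.Println("capped:   ", held, "bytes held,", dropped, "dropped")
}
```

With the cap in place, memory held per stalled peer stays below the limit regardless of how much traffic arrives, and the drop count is a natural signal to log or alert on.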
