Vulnerability Report: GO-2020-0038

CVE-2019-20786, GHSA-7gfg-6934-mqq2
Affects: github.com/pion/dtls
Published: Apr 14, 2021
Modified: Jun 12, 2023

Due to improper verification of packets, unencrypted packets containing application data are accepted after the initial handshake. This allows an attacker to inject arbitrary data which the client/server believes was encrypted, despite not knowing the session key.

Affected Packages

Path

Versions

Symbols
github.com/pion/dtls

before v1.5.2
5 affected symbols

Aliases

CVE-2019-20786
GHSA-7gfg-6934-mqq2

References

https://github.com/pion/dtls/pull/128
https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf
https://vuln.go.dev/ID/GO-2020-0038.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL