Vulnerability Report: GO-2020-0038
- CVE-2019-20786, GHSA-7gfg-6934-mqq2
- Affects: github.com/pion/dtls
- Published: Apr 14, 2021
- Modified: Jun 12, 2023
Due to improper verification of packets, unencrypted packets containing application data are accepted after the initial handshake. This allows an attacker to inject arbitrary data which the client/server believes was encrypted, despite not knowing the session key.
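The class of check described above, as an added example (not code from pion/dtls or from the fix commit): a receive-path guard that refuses application data carried in epoch 0, the unprotected epoch used before keys are negotiated. It assumes the DTLS 1.2 record header layout from RFC 6347; `CheckRecord`, `buildRecord` and the error names are hypothetical, and the sample records are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// DTLS 1.2 record header (RFC 6347): type(1) version(2) epoch(2) sequence(6) length(2).
const (
	headerLen   = 13
	typeAppData = 23 // application_data content type
)

var (
	ErrTruncated        = errors.New("truncated DTLS record")
	ErrPlaintextAppData = errors.New("application data received in epoch 0")
)

// CheckRecord rejects application data that arrives in epoch 0, the
// epoch used before any cipher is negotiated, so it cannot be protected.
func CheckRecord(rec []byte) error {
	if len(rec) < headerLen {
		return ErrTruncated
	}
	epoch := binary.BigEndian.Uint16(rec[3:5])
	length := int(binary.BigEndian.Uint16(rec[11:13]))
	if length > len(rec)-headerLen {
		return ErrTruncated
	}
	if rec[0] == typeAppData && epoch == 0 {
		return ErrPlaintextAppData
	}
	return nil
}

// buildRecord makes a constructed sample record for the demo.
func buildRecord(contentType uint8, epoch uint16, payload []byte) []byte {
	rec := make([]byte, headerLen, headerLen+len(payload))
	rec[0], rec[1], rec[2] = contentType, 0xfe, 0xfd // DTLS 1.2 version bytes
	binary.BigEndian.PutUint16(rec[3:5], epoch)
	binary.BigEndian.PutUint16(rec[11:13], uint16(len(payload)))
	return append(rec, payload...)
}

func main() {
	fmt.Println(CheckRecord(buildRecord(typeAppData, 0, []byte("injected")))) // rejected
	fmt.Println(CheckRecord(buildRecord(typeAppData, 1, []byte{0xde, 0xad}))) // passes this check
}
```

A record that passes this guard still has to be decrypted and authenticated under the session keys before its payload is delivered to the application.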
Affected Packages
- Versions: before v1.5.2
- Symbols: 5 affected symbols
References
- https://github.com/pion/dtls/pull/128
- https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
- https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf
- https://vuln.go.dev/ID/GO-2020-0038.json