Vulnerability Report: GO-2021-0104
- CVE-2021-28681, GHSA-74xm-qj29-cq8p
- Affects: github.com/pion/webrtc/v3
- Published: Jul 28, 2021
- Modified: May 20, 2024
Due to improper error handling, DTLS connections were not killed when certificate verification failed, causing users who did not check the connection state to continue to use the connection. This could allow an attacker who holds the ICE password, but not a valid certificate, to bypass this restriction.
Affected Packages
- Path: github.com/pion/webrtc/v3
- Go Versions: before v3.0.15
References
- https://github.com/pion/webrtc/pull/1709
- https://github.com/pion/webrtc/commit/545613dcdeb5dedb01cce94175f40bcbe045df2e
- https://github.com/pion/webrtc/issues/1708
- https://vuln.go.dev/ID/GO-2021-0104.json
Credits
- Gaukas Wang (@Gaukas)