Home > Vulnerability Database > CVE-2022-29189

Mend.io Vulnerability Database

CVE-2022-29189

Good to know:

Date: May 20, 2022

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

Language: Go

Severity Score

5.3

Related Resources (7)

Url: github.com/pion/dtls

Url: https://github.com/pion/dtls/releases/tag/v2.1.4

Url: https://pkg.go.dev/vuln/GO-2022-0461

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-29189

Url: https://github.com/pion/dtls/security/advisories/GHSA-cx94-mrg9-rq4j

Url: https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de

Url: https://www.mend.io/vulnerability-database/CVE-2022-29189

Severity Score

5.3

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Top Fix

Upgrade Version

Upgrade to version v2.1.4

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-29189

Good to know:

Date: May 20, 2022

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?