Vulnerability Information
Vulnerability Title
Buffer for inbound DTLS fragments has no limit
Vulnerability Description
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completed or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Buffer copy without checking size of input (classic buffer overflow)
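The defensive pattern for the condition described above is a per-connection cap on the bytes held before the handshake completes. The following Go program is an added example and is not Pion DTLS code: the type `boundedBuffer`, its methods, the `flood` helper and the 64 KiB cap are assumptions chosen for illustration, and the datagrams are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

const maxBufferedBytes = 64 * 1024 // assumed cap for this example, not Pion's value
var errBufferFull = errors.New("inbound buffer limit reached")

// boundedBuffer (hypothetical) holds datagrams received before the handshake ends.
type boundedBuffer struct {
	queue [][]byte
	size  int // bytes currently retained
}

// push stores a copy of the datagram, or rejects it if the cap would be exceeded.
func (b *boundedBuffer) push(datagram []byte) error {
	if b.size+len(datagram) > maxBufferedBytes {
		return errBufferFull
	}
	b.queue = append(b.queue, append([]byte(nil), datagram...))
	b.size += len(datagram)
	return nil
}

// pop removes the oldest datagram and releases its share of the budget.
func (b *boundedBuffer) pop() ([]byte, bool) {
	if len(b.queue) == 0 {
		return nil, false
	}
	d := b.queue[0]
	b.queue = b.queue[1:]
	b.size -= len(d)
	return d, true
}

// flood pushes n constructed datagrams and reports how many fit and bytes retained.
func flood(b *boundedBuffer, n, length int) (accepted, retained int) {
	for i := 0; i < n; i++ {
		if b.push(make([]byte, length)) == nil {
			accepted++
		}
	}
	return accepted, b.size
}

func main() {
	fmt.Println(flood(&boundedBuffer{}, 10000, 1200)) // 54 64800
}
```

Without the size check in `push`, the same 10,000 datagrams of 1,200 bytes would leave 12,000,000 bytes retained for a single peer that never finishes the handshake.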
Vulnerability Title
Pion DTLS security vulnerability
Vulnerability Description
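Pion DTLS is a Go-based implementation of DTLS (Datagram Transport Layer Security). Versions of Pion DTLS prior to 2.1.4 contain a security vulnerability that stems from the buffer for inbound network traffic having no upper limit. An attacker can exploit this vulnerability to cause excessive memory usage.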
CVSS Information
N/A
Vulnerability Type
N/A