Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key
Vulnerability Description
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack". Upgrade to v3.0.11, v3.1.1, or later.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Pion DTLS 信息泄露漏洞
Vulnerability Description
Pion DTLS是Pion开源的一款基于Go语言的DTLS(数据包传输层安全性协议)实现。 Pion DTLS v1.0.0至v3.1.0版本存在信息泄露漏洞,该漏洞源于AES GCM密码使用随机随机数生成,可能导致远程攻击者获取身份验证密钥并伪造数据。
CVSS Information
N/A
Vulnerability Type
N/A