Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dtls | Pion | * | 2.1.4 (excluding) |
| Pion | Ubuntu | bionic | * |
| Snowflake | Ubuntu | esm-apps/jammy | * |
| Snowflake | Ubuntu | jammy | * |
| Snowflake | Ubuntu | kinetic | * |
| Snowflake | Ubuntu | lunar | * |
| Snowflake | Ubuntu | mantic | * |
| Snowflake | Ubuntu | oracular | * |
| Snowflake | Ubuntu | upstream | * |
| Telegraf | Ubuntu | esm-apps/jammy | * |
| Telegraf | Ubuntu | impish | * |
| Telegraf | Ubuntu | jammy | * |
| Telegraf | Ubuntu | kinetic | * |
| Telegraf | Ubuntu | lunar | * |
| Telegraf | Ubuntu | mantic | * |
References
- https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
- https://github.com/pion/dtls/releases/tag/v2.1.4
- https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c
- https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
- https://github.com/pion/dtls/releases/tag/v2.1.4
- https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c