GMS-2023-256: Pion DTLS is vulnerable to panic via Hello Verify Request unmarshal
Impact
During the unmarshalling of a Hello Verify Request, we could try to unmarshal into too small a buffer. This could result in a panic, causing the program to crash.
This issue could be abused to cause a denial of service.
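The class of defect described above, as an added Go example (not Pion's code and not its actual patch): a length-prefixed parser that checks the declared cookie length against the buffer before slicing, beside an unchecked variant that panics on the same truncated input. It assumes the RFC 6347 HelloVerifyRequest layout (2-byte server_version, 1-byte cookie length, cookie); the type and function names are hypothetical and the sample bytes are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed error value for this example.
var errBufferTooSmall = errors.New("buffer too small")

// HelloVerifyRequest is a hypothetical type holding the decoded fields.
type HelloVerifyRequest struct {
	Major, Minor uint8
	Cookie       []byte
}

// ParseHelloVerifyRequest validates every length before indexing or slicing,
// so malformed peer input yields an error instead of a runtime panic.
func ParseHelloVerifyRequest(data []byte) (*HelloVerifyRequest, error) {
	const headerLen = 3 // version (2 bytes) + cookie length (1 byte)
	if len(data) < headerLen {
		return nil, errBufferTooSmall
	}
	cookieLen := int(data[2]) // widen first so headerLen+cookieLen cannot wrap a uint8
	if len(data) < headerLen+cookieLen {
		return nil, errBufferTooSmall
	}
	h := &HelloVerifyRequest{Major: data[0], Minor: data[1]}
	h.Cookie = append([]byte(nil), data[headerLen:headerLen+cookieLen]...)
	return h, nil
}

// ParseUnchecked trusts the declared length. Go checks slice bounds against
// capacity, so the over-long slice panics; recover() only reports that here.
func ParseUnchecked(data []byte) (cookie []byte, panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	return data[3 : 3+int(data[2])], false
}

func main() {
	// Constructed message: declares a 20-byte cookie but carries only 1 byte.
	truncated := []byte{0xfe, 0xfd, 0x14, 0x01}
	_, err := ParseHelloVerifyRequest(truncated)
	_, panicked := ParseUnchecked(truncated)
	fmt.Println("checked parser:", err, "| unchecked parser panicked:", panicked)
}
```

Without the recover() wrapper, the unchecked variant would terminate the goroutine's program, which is the denial-of-service condition the advisory describes.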
Workaround
None. Upgrade to 2.2.4.