GMS-2023-305: Out-of-bounds Read

February 7, 2023 (updated June 13, 2023)

When attempting to unmarshal a Server Hello request we could attempt to unmarshal into a buffer that was too small. This could result in a panic leading the program to crash. This issue could be abused to cause a denial of service.

References

github.com/advisories/GHSA-hxp2-xqf3-v83h
github.com/pion/dtls/commit/7a14903448b70069fd9e02adf210ca23083c56d2
github.com/pion/dtls/security/advisories/GHSA-hxp2-xqf3-v83h
pkg.go.dev/vuln/GO-2023-1535

Detect and mitigate GMS-2023-305 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →