CVE-2019-20786

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
piondtls
𝑥
< 1.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
https://github.com/pion/dtls/compare/v1.5.1...v1.5.2
https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean
https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf
https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
https://github.com/pion/dtls/compare/v1.5.1...v1.5.2
https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean
https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf