CVE-2019-20786

EUVD-2021-1278
handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
piondtls
𝑥
< 1.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
https://github.com/pion/dtls/compare/v1.5.1...v1.5.2
https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean
https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf
https://github.com/pion/dtls/commit/fd73a5df2ff0e1fb6ae6a51e2777d7a16cc4f4e0
https://github.com/pion/dtls/compare/v1.5.1...v1.5.2
https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean
https://www.usenix.org/system/files/sec20fall_fiterau-brostean_prepub.pdf