CVE-2022-29189

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-120
View all →

Vulnerability Description

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

Related Vulnerabilities

CVE-2018-14788

MEDIUM
CVSS:5.3(Medium)

Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types.

CWE-1202018

CVE-2020-26422

MEDIUM
CVSS:5.3(Medium)

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

CWE-1202020

CVE-2020-4465

MEDIUM
CVSS:5.3(Medium)

IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker cou...

CWE-1202020

CVE-2020-4869

MEDIUM
CVSS:5.3(Medium)

IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM...

CWE-1202020

CVE-2020-7120

MEDIUM
CVSS:5.3(Medium)

A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow...

CWE-1202020

CVE-2021-29297

MEDIUM
CVSS:5.3(Medium)

Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack t...

CWE-1202021