VYPR

DTLS

by Pion

Source repositories

CVEs (5)

  • CVE-2022-29190HigMay 21, 2022
    risk 0.42cvss 7.5epss 0.01

    Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds…

  • CVE-2022-29222MedMay 21, 2022
    risk 0.31cvss 5.9epss 0.01

    Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only.…

  • CVE-2022-29189MedMay 21, 2022
    risk 0.28cvss 5.3epss 0.02

    Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An…

  • CVE-2026-54908Jul 3, 2026
    risk 0.00cvss epss 0.00

    Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been fixed in version 3.1.4.

  • CVE-2026-26014Feb 11, 2026
    risk 0.00cvss epss 0.01

    Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging…