handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/pion/dtls (Go) | 0 | 1.5.2 | N/A |
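
The following Go sketch shows a guard of the kind the description says was missing: it walks every record in a datagram and refuses application data carried at epoch 0. It is an added example, not Pion's code or its actual fix; `checkDatagram`, `buildRecord`, and the error names are hypothetical, and the sample records are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// DTLS 1.2 record header: type(1) version(2) epoch(2) sequence(6) length(2).
const recordHeaderLen = 13
const contentTypeApplicationData = 23

var errTruncated = errors.New("truncated DTLS record")
var errPlaintextAppData = errors.New("application data with epoch 0")

// checkDatagram (hypothetical name) inspects each record in one UDP datagram.
// Epoch 0 records are unprotected, so they must never carry application data.
func checkDatagram(datagram []byte) error {
	for len(datagram) > 0 {
		if len(datagram) < recordHeaderLen {
			return errTruncated
		}
		end := recordHeaderLen + int(binary.BigEndian.Uint16(datagram[11:13]))
		if end > len(datagram) {
			return errTruncated
		}
		contentType, epoch := datagram[0], binary.BigEndian.Uint16(datagram[3:5])
		if contentType == contentTypeApplicationData && epoch == 0 {
			return errPlaintextAppData
		}
		datagram = datagram[end:]
	}
	return nil
}

// buildRecord assembles a constructed sample record for the demo below.
func buildRecord(contentType uint8, epoch uint16, payload []byte) []byte {
	b := make([]byte, recordHeaderLen, recordHeaderLen+len(payload))
	b[0], b[1], b[2] = contentType, 0xfe, 0xfd // 0xfefd = DTLS 1.2
	binary.BigEndian.PutUint16(b[3:5], epoch)
	binary.BigEndian.PutUint16(b[11:13], uint16(len(payload)))
	return append(b, payload...)
}

func main() {
	good := buildRecord(contentTypeApplicationData, 1, []byte("ciphertext"))
	bad := buildRecord(contentTypeApplicationData, 0, []byte("plaintext"))
	fmt.Println(checkDatagram(good), checkDatagram(append(good, bad...)))
}
```

The check has to run on every record, not only the first, because one datagram can carry several records with different epochs.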
CVSS Metrics