PT-2022-19441 · Pion Dtls+2

Juho Nurminen · Published 2022-05-20 · Updated 2026-01-19 · CVE-2022-29189

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Pion DTLS versions prior to 2.1.4

Description

The issue concerns a buffer used for inbound network traffic that had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An attacker could exploit this to cause excessive memory usage.

Recommendations

For versions prior to 2.1.4, upgrade to Pion DTLS version 2.1.4 to resolve the issue. As a temporary workaround, consider restricting the amount of network traffic from remote users to minimize the risk of exploitation until a patch is applied.
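
The difference between an unbounded and a byte-capped pre-handshake queue, as an added example that is not Pion DTLS code and not part of the original advisory. HandshakeBuffer, Feed, the 64 KiB cap and the 1200-byte datagrams are hypothetical names and constructed values chosen for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrBufferFull is returned when queuing a packet would exceed the byte cap.
var ErrBufferFull = errors.New("handshake buffer full")

// HandshakeBuffer (hypothetical) queues inbound datagrams received before the
// handshake completes. limit == 0 models the unbounded behaviour described in
// the advisory; limit > 0 caps the number of queued bytes.
type HandshakeBuffer struct {
	limit   int
	size    int
	packets [][]byte
}

func NewHandshakeBuffer(limit int) *HandshakeBuffer {
	return &HandshakeBuffer{limit: limit}
}

// Write copies p into the queue, or rejects it if the cap would be exceeded.
func (b *HandshakeBuffer) Write(p []byte) error {
	if b.limit > 0 && b.size+len(p) > b.limit {
		return ErrBufferFull // drop; DTLS handshake messages are retransmitted
	}
	b.packets = append(b.packets, append([]byte(nil), p...))
	b.size += len(p)
	return nil
}

// Size reports the number of bytes currently queued.
func (b *HandshakeBuffer) Size() int { return b.size }

// Feed writes n constructed datagrams of pktLen bytes; returns how many were dropped.
func Feed(b *HandshakeBuffer, n, pktLen int) (dropped int) {
	pkt := make([]byte, pktLen) // constructed sample datagram
	for i := 0; i < n; i++ {
		if err := b.Write(pkt); errors.Is(err, ErrBufferFull) {
			dropped++
		}
	}
	return dropped
}

func main() {
	unbounded, capped := NewHandshakeBuffer(0), NewHandshakeBuffer(64*1024)
	fmt.Println(Feed(unbounded, 1000, 1200), unbounded.Size())
	fmt.Println(Feed(capped, 1000, 1200), capped.Size())
}
```

With no limit, memory use grows with whatever the remote side sends before the handshake ends; with the cap, the queue stops growing and the excess datagrams are dropped.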

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2022-29189
GHSA-CX94-MRG9-RQ4J
GO-2022-0461
USN-7966-1
USN-7966-2

Affected Products

Linuxmint
Pion Dtls
Ubuntu