GO-2021-0104
- Source
- https://pkg.go.dev/vuln/GO-2021-0104
- Import Source
- https://vuln.go.dev/ID/GO-2021-0104.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GO-2021-0104
- Aliases
- Published
- 2021-07-28T18:08:05Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Authorization bypass in github.com/pion/webrtc/v3
- Details
-
Due to improper error handling, DTLS connections were not killed when certificate verification failed, causing users who did not check the connection state to continue to use the connection. This could allow allow an attacker which holds the ICE password, but not a valid certificate, to bypass this restriction.
- Database specific
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2021-0104" }- References
- Credits
-
-
- Gaukas Wang (@Gaukas)
-
Affected packages
Go / github.com/pion/webrtc/v3
Package
- Name
- github.com/pion/webrtc/v3
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/pion/webrtc/v3
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.15
Ecosystem specific
{
"imports": [
{
"path": "github.com/pion/webrtc/v3",
"symbols": [
"DTLSTransport.Start",
"PeerConnection.AddTrack",
"PeerConnection.AddTransceiverFromKind",
"PeerConnection.AddTransceiverFromTrack",
"PeerConnection.CreateDataChannel",
"PeerConnection.RemoveTrack",
"PeerConnection.SetLocalDescription",
"PeerConnection.SetRemoteDescription",
"operations.Done",
"operations.Enqueue"
]
}
]
}