Vulnerability Report: GO-2021-0104

CVE-2021-28681, GHSA-74xm-qj29-cq8p
Affects: github.com/pion/webrtc/v3
Published: Jul 28, 2021
Modified: Jun 12, 2023

Due to improper error handling, DTLS connections were not killed when certificate verification failed, causing users who did not check the connection state to continue to use the connection. This could allow allow an attacker which holds the ICE password, but not a valid certificate, to bypass this restriction.

Affected Packages

Path

Versions

Symbols
github.com/pion/webrtc/v3

before v3.0.15
8 affected symbols

Aliases

CVE-2021-28681
GHSA-74xm-qj29-cq8p

References

https://github.com/pion/webrtc/pull/1709
https://github.com/pion/webrtc/commit/545613dcdeb5dedb01cce94175f40bcbe045df2e
https://github.com/pion/webrtc/issues/1708
https://vuln.go.dev/ID/GO-2021-0104.json

Credits

Gaukas Wang (@Gaukas)

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL