Ubuntu Security Update USN-7966-1: Snowflake vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,788
Reaction score
74
Credits
-1,257
It was discovered that Pion DTLS, vendored in Snowflake, did not impose a limit on the amount of data that was buffered during the handshake. An attacker could possibly use the issue to cause a denial of service. (CVE-2022-29189) It was discovered that Pion DTLS, vendored in Snowflake, did not prevent the fragmentBuffer from processing zero length fragments. An attacker could possibly use the issue to cause a denial of service. (CVE-2022-29190) It was discovered that Pion DTLS, vendored in Snowflake, did not require CertificateVerify when Client Cert was sent. An attacker could possibly use the issue to cause a denial of service. (CVE-2022-29222)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-7966-2: Telegraf vulnerabilities
Replies
0
Views
60
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8115-1: pyOpenSSL vulnerabilities
Replies
0
Views
92
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8089-3: ADSys, Juju Core, LXD vulnerabilities
Replies
0
Views
79
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8268-1: Dnsmasq vulnerabilities
Replies
0
Views
106
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8089-2: Go Networking vulnerabilities
Replies
0
Views
85
LinuxBot
LinuxBot


Follow Linux.org

Staff online

Members online

Total: 2,737 (members: 4, guests: 2,733)

Latest posts

Top