vulnerability
Ubuntu: (Multiple Advisories) (CVE-2022-29189): Snowflake vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | May 21, 2022 | Jan 20, 2026 | Jan 21, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
May 21, 2022
Added
Jan 20, 2026
Modified
Jan 21, 2026
Description
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.
Solutions
ubuntu-pro-upgrade-snowflake-clientubuntu-pro-upgrade-snowflake-proxyubuntu-pro-upgrade-telegraf
References
- CVE-2022-29189
- https://attackerkb.com/topics/CVE-2022-29189
- CWE-120
- UBUNTU-USN-7966-1
- UBUNTU-USN-7966-2
- URL-https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de
- URL-https://github.com/pion/dtls/releases/tag/v2.1.4
- URL-https://github.com/pion/dtls/security/advisories/GHSA-cx94-mrg9-rq4j
- URL-https://ubuntu.com/security/notices/USN-7966-1
- URL-https://ubuntu.com/security/notices/USN-7966-2
- URL-https://www.cve.org/CVERecord?id=CVE-2022-29189
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.