CNNVD-202602-1818 Information

CNNVD ID

CNNVD-202602-1818

Related CVE

CVE-2026-26014

• CNNVD Published: 2026-02-11

Description (Chinese)

Pion DTLS是Pion开源的一款基于Go语言的DTLS（数据包传输层安全性协议）实现。 Pion DTLS v1.0.0至v3.1.0版本存在信息泄露漏洞，该漏洞源于AES GCM密码使用随机随机数生成，可能导致远程攻击者获取身份验证密钥并伪造数据。

Description (English)

Pion DTLS is a Go language-based DTLS (data package transfer layer security protocol). Pion DTLS v1.0.0 to v3.1.0 contains a leaking loophole, which arises from the use of random numbers by AES GMC passwords, which may result in remote assailants obtaining identification keys and falsifying data.

Hazard Level

Low

Vulnerability Type

信息泄露

Affected Vendor

Pion

Published

2026-02-11

Last Modified

2026-02-24

References

https://github.com/pion/dtls/pull/796 https://github.com/pion/dtls/releases/tag/v3.0.11 https://github.com/pion/dtls/commit/61762dee8217991882c5eb79856b9e7a73ee349f https://github.com/pion/dtls/security/advisories/GHSA-9f3f-wv7r-qc8r https://github.com/pion/dtls/commit/90e241cfec2985715efdd3d005972847462a67d6 https://github.com/pion/dtls/releases/tag/v3.1.0 https://github.com/pion/dtls/releases/tag/v3.1.1