
Cloud Vulnerability DB
A community-led vulnerabilities database
A moderate-severity vulnerability (GHSA-4xgv-j62q-h3rj) was discovered in github.com/pion/dtls/v2, affecting versions prior to 2.2.4. The vulnerability was published on February 5, 2023, and involves a panic condition during the unmarshalling of Hello Verify Request messages (GitHub Advisory).
The vulnerability occurs while unmarshalling a Hello Verify Request: the code attempts to unmarshal into a buffer that is too small, which can lead to a panic. It has been assigned a CVSS score of 5.9 (Moderate), with the following characteristics: network attack vector, high attack complexity, no privileges required, no user interaction needed, unchanged scope, no impact on confidentiality or integrity, and high impact on availability (GitHub Advisory).
The vulnerability can result in a program crash, potentially leading to a denial of service condition. When exploited, this could affect the availability of systems using the vulnerable versions of the DTLS package (GitHub Advisory).
The only recommended mitigation is to upgrade to version 2.2.4 or later of the package. No alternative workarounds are available (GitHub Advisory).
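The class of bug described above, shown as an added Go example that is not pion/dtls code: a Hello Verify Request parser that checks every length before indexing, so truncated input returns an error instead of panicking. The wire layout (2-byte version, 1-byte cookie length, cookie) is assumed from RFC 6347, and the type, function and error names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
)

// HelloVerifyRequest body as laid out in RFC 6347 section 4.2.1 (assumption,
// not stated on this page): 2-byte server_version, 1-byte cookie length, cookie.
type HelloVerifyRequest struct {
	Major, Minor uint8
	Cookie       []byte
}

// ErrBufferTooSmall is returned when the input ends before a field does.
var ErrBufferTooSmall = errors.New("hello verify request: buffer too small")

// ParseHelloVerifyRequest validates every length before indexing, so a
// truncated message yields an error instead of an index-out-of-range panic.
func ParseHelloVerifyRequest(data []byte) (*HelloVerifyRequest, error) {
	const headerLen = 3 // version (2 bytes) + cookie length (1 byte)
	if len(data) < headerLen {
		return nil, ErrBufferTooSmall
	}
	cookieLen := int(data[2])
	if len(data) < headerLen+cookieLen {
		return nil, ErrBufferTooSmall
	}
	h := &HelloVerifyRequest{Major: data[0], Minor: data[1]}
	// Copy the cookie so the result does not alias the receive buffer.
	h.Cookie = append([]byte(nil), data[headerLen:headerLen+cookieLen]...)
	return h, nil
}

func main() {
	// Constructed sample inputs, not captured traffic.
	samples := [][]byte{
		{0xfe, 0xfd, 0x02, 0xaa, 0xbb}, // well-formed, 2-byte cookie
		{0xfe, 0xfd},                   // shorter than the fixed header
		{0xfe, 0xfd, 0x04, 0xaa},       // declared cookie length exceeds data
	}
	for _, s := range samples {
		h, err := ParseHelloVerifyRequest(s)
		fmt.Printf("%x -> %+v, err=%v\n", s, h, err)
	}
}
```

Running a parser like this under `go test -fuzz` is a cheap way to confirm that no input reaches a panic path.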
Source: This report was generated using AI