CVE-2021-28681

2021-03-1804:15:14

Google

osv.dev

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.8%

JSON

Pion WebRTC before 3.0.15 didn’t properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. )A WebRTC implementation shouldn’t allow the user to continue if verification has failed.)

CPENameOperatorVersion
webrtceq3.0.0-beta.5
webrtceq3.0.0-beta.10
webrtceq2.2.11
webrtceq2.1.9
webrtceq2.1.13
webrtceq2.0.15
webrtceq3.0.0-beta.1
webrtceq2.0.17
webrtceq3.0.2
webrtceq2.0.16

Name	Operator	Version
webrtc	eq	3.0.0-beta.5
webrtc	eq	3.0.0-beta.10
webrtc	eq	2.2.11
webrtc	eq	2.1.9
webrtc	eq	2.1.13
webrtc	eq	2.0.15
webrtc	eq	3.0.0-beta.1
webrtc	eq	2.0.17
webrtc	eq	3.0.2
webrtc	eq	2.0.16