Fabre

#1127928 golang-github-pion-dtls.v2: CVE-2026-26014 #1127928

Package:: src:golang-github-pion-dtls.v2

Source:: src:golang-github-pion-dtls.v2

Submitter:: Salvatore Bonaccorso

Date:: 2026-02-14 12:57:03 UTC

Severity:: normal

Tags:

#1127928#5

Date:: 2026-02-14 12:54:24 UTC

From:

To:

Hi,

The following vulnerability was published for golang-github-pion-dtls*.

CVE-2026-26014[0]:
| Pion DTLS is a Go implementation of Datagram Transport Layer
| Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use
| random nonce generation with AES GCM ciphers, which makes it easier
| for remote attackers to obtain the authentication key and spoof data
| by leveraging the reuse of a nonce in a session and a "forbidden
| attack". Upgrade to v3.0.11, v3.1.1, or later.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-26014
https://www.cve.org/CVERecord?id=CVE-2026-26014
[1] https://github.com/pion/dtls/security/advisories/GHSA-9f3f-wv7r-qc8r

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

#1127928 golang-github-pion-dtls.v2: CVE-2026-26014 #1127928

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)