CVE-2026-54908

Publication date 2 July 2026

Last updated 2 July 2026


Ubuntu priority

Description

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been fixed in version 3.1.4.

Status

Package                      Ubuntu Release       Status
golang-github-pion-dtls-v3   26.04 LTS resolute   Needs evaluation
golang-github-pion-dtls-v3   25.10 questing       Not in release
golang-github-pion-dtls-v3   24.04 LTS noble      Not in release
golang-github-pion-dtls-v3   22.04 LTS jammy      Not in release
golang-github-pion-dtls.v2   26.04 LTS resolute   Needs evaluation
golang-github-pion-dtls.v2   25.10 questing       Needs evaluation
golang-github-pion-dtls.v2   24.04 LTS noble      Needs evaluation
golang-github-pion-dtls.v2   22.04 LTS jammy      Not in release

Severity score breakdown

CVSS version: CVSS v4.0

Base score 6.3 · Medium

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

