• caglararli@hotmail.com
  • 05386281520

CVE-2022-29190 due to telegraf?

Çağlar Arlı      -    27 Views

CVE-2022-29190 due to telegraf?

I am working on finding workaround for CVE-2022-29190 in my application.

My application makes use of telegraf.

It also states this:

Telegraf is written in Go and compiles into a single binary with no external dependencies.

When I read details of this CVE here, it says this CVE is due to Pion DTLS. Also, I find this, which mentions telegraf.

So I am a bit confused here. If telegraf has no dependencies(ie no Pion DTLS) then why is it mentioned on ubuntu site as culprit package?

What am I missing here?