Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.
References
Link | Resource |
---|---|
https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf | Patch Third Party Advisory |
https://github.com/pion/dtls/releases/tag/v2.1.4 | Release Notes Third Party Advisory |
https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c | Third Party Advisory |
Configurations
History
02 Jun 2022, 18:21
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c - Third Party Advisory | |
References | (MISC) https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf - Patch, Third Party Advisory | |
References | (MISC) https://github.com/pion/dtls/releases/tag/v2.1.4 - Release Notes, Third Party Advisory | |
First Time |
Pion
Pion dtls |
|
CPE | cpe:2.3:a:pion:dtls:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
21 May 2022, 03:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-21 00:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29190
Mitre link : CVE-2022-29190
CVE.ORG link : CVE-2022-29190
JSON object : View
Products Affected
pion
- dtls
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')