| packages: |
| - module: github.com/pion/dtls/v2 |
| symbols: |
| - fragmentBuffer.pop |
| derived_symbols: |
| - Client |
| - ClientWithContext |
| - Dial |
| - DialWithContext |
| - Resume |
| - Server |
| - ServerWithContext |
| - handshakeFSM.Run |
| - listener.Accept |
| versions: |
| - fixed: 2.1.4 |
| vulnerable_at: 2.1.3 |
| description: | |
| An attacker can send packets that send the DTLS server or client |
| into an infinite loop. |
| cves: |
| - CVE-2022-29190 |
| ghsas: |
| - GHSA-cm8f-h6j3-p25c |
| links: |
| commit: https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf |