blob: 2b36f809b5e9b4d6e29dc3416587d06a8f71a8fb [file] [log] [blame]
id: GO-2022-0460
modules:
- module: github.com/pion/dtls/v2
versions:
- fixed: 2.1.4
vulnerable_at: 2.1.3
packages:
- package: github.com/pion/dtls/v2
symbols:
- fragmentBuffer.pop
derived_symbols:
- Client
- ClientWithContext
- Dial
- DialWithContext
- Resume
- Server
- ServerWithContext
- handshakeFSM.Run
- listener.Accept
summary: Infinite loop in github.com/pion/dtls/v2
description: |-
An attacker can send packets that send the DTLS server or client into an
infinite loop.
published: 2022-07-01T20:07:34Z
cves:
- CVE-2022-29190
ghsas:
- GHSA-cm8f-h6j3-p25c
references:
- fix: https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
review_status: REVIEWED