x/vulndb: add reports/GO-2022-0460.yaml for CVE-2022-29190
Fixes golang/vulndb#0460
Change-Id: Ifeebf92429988b1fb5b9d404358aa0240feab2f6
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414574
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/reports/GO-2022-0460.yaml b/reports/GO-2022-0460.yaml
new file mode 100644
index 0000000..1da2e58
--- /dev/null
+++ b/reports/GO-2022-0460.yaml
@@ -0,0 +1,26 @@
+packages:
+ - module: github.com/pion/dtls/v2
+ symbols:
+ - fragmentBuffer.pop
+ derived_symbols:
+ - Client
+ - ClientWithContext
+ - Dial
+ - DialWithContext
+ - Resume
+ - Server
+ - ServerWithContext
+ - handshakeFSM.Run
+ - listener.Accept
+ versions:
+ - fixed: 2.1.4
+ vulnerable_at: 2.1.3
+description: |
+ An attacker can send packets that send the DTLS server or client
+ into an infinite loop.
+cves:
+ - CVE-2022-29190
+ghsas:
+ - GHSA-cm8f-h6j3-p25c
+links:
+ commit: https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
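Review bot: The `description:` text never names the impact, and "send packets that send" reads awkwardly; a consumer triaging this report has to infer that an infinite loop in a network-facing handshake path means denial of service. I would reword it to something like `An attacker can send packets that cause a DTLS client or server to enter an infinite loop, resulting in denial of service.` The listed symbol `fragmentBuffer.pop` suggests the loop sits in handshake fragment handling, presumably reachable before the handshake completes; if so, the description should say that, since it determines whether unauthenticated peers can trigger it. The `versions:` entry also has only `fixed: 2.1.4` with no `introduced`, so every earlier v2 release is treated as affected, which is worth confirming as intended.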