x/vulndb: add reports/GO-2022-0460.yaml for CVE-2022-29190 Fixes golang/vulndb#0460 Change-Id: Ifeebf92429988b1fb5b9d404358aa0240feab2f6 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/414574 Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>

commit: dcbbe6f644254881da9df2f4d6049669b8ff0ca6 [log] [tgz]
author: Damien Neil <dneil@google.com> Mon Jun 27 11:53:30 2022 -0700
committer: Damien Neil <dneil@google.com> Fri Jul 01 20:07:34 2022 +0000
tree: 79e23d9a62f50d859d6f8b1a83ba466f78ad66b1
parent: 207948b206c63d62cbfac9d6f8a3f02153c01d13 [diff]
diff --git a/reports/GO-2022-0460.yaml b/reports/GO-2022-0460.yaml
new file mode 100644
index 0000000..1da2e58
--- /dev/null
+++ b/reports/GO-2022-0460.yaml

@@ -0,0 +1,26 @@
+packages:
+  - module: github.com/pion/dtls/v2
+    symbols:
+      - fragmentBuffer.pop
+    derived_symbols:
+      - Client
+      - ClientWithContext
+      - Dial
+      - DialWithContext
+      - Resume
+      - Server
+      - ServerWithContext
+      - handshakeFSM.Run
+      - listener.Accept
+    versions:
+      - fixed: 2.1.4
+    vulnerable_at: 2.1.3
+description: |
+    An attacker can send packets that send the DTLS server or client
+    into an infinite loop.
+cves:
+  - CVE-2022-29190
+ghsas:
+  - GHSA-cm8f-h6j3-p25c
+links:
+    commit: https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
commit	dcbbe6f644254881da9df2f4d6049669b8ff0ca6	[log] [tgz]
author	Damien Neil <dneil@google.com>	Mon Jun 27 11:53:30 2022 -0700
committer	Damien Neil <dneil@google.com>	Fri Jul 01 20:07:34 2022 +0000
tree	79e23d9a62f50d859d6f8b1a83ba466f78ad66b1
parent	207948b206c63d62cbfac9d6f8a3f02153c01d13 [diff]