CVE-2022-29190 - OpenCVE

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pion	Dtls

Configuration 1 [-]

cpe:2.3:a:pion:dtls:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
https://github.com/pion/dtls/releases/tag/v2.1.4
https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-05-20T23:55:10

Updated: 2024-08-03T06:17:54.058Z

Reserved: 2022-04-13T00:00:00

Link: CVE-2022-29190

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-21T00:15:11.450

Modified: 2022-06-02T18:21:31.087

Link: CVE-2022-29190

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "dtls", "vendor": "pion", "versions": [{"status": "affected", "version": "< 2.1.4"}]}], "descriptions": [{"lang": "en", "value": "Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-20T23:55:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}], "source": {"advisory": "GHSA-cm8f-h6j3-p25c", "discovery": "UNKNOWN"}, "title": "Header reconstruction method can be thrown into an infinite loop in Pion DTLS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29190", "STATE": "PUBLIC", "TITLE": "Header reconstruction method can be thrown into an infinite loop in Pion DTLS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "dtls", "version": {"version_data": [{"version_value": "< 2.1.4"}]}}]}, "vendor_name": "pion"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c", "refsource": "CONFIRM", "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"name": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf", "refsource": "MISC", "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"name": "https://github.com/pion/dtls/releases/tag/v2.1.4", "refsource": "MISC", "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}]}, "source": {"advisory": "GHSA-cm8f-h6j3-p25c", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:17:54.058Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29190", "datePublished": "2022-05-20T23:55:10", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.058Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pion:dtls:*:*:*:*:*:*:*:*", "matchCriteriaId": "465946B5-0540-41EB-91CB-571B2E842EB4", "versionEndExcluding": "2.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available."}, {"lang": "es", "value": "Pion DTLS es una implementaci\u00f3n de Go de Datagram Transport Layer Security. En versiones anteriores a 2.1.4, un atacante puede enviar paquetes que env\u00eden a Pion DTLS a un bucle infinito cuando los procesa. La versi\u00f3n 2.1.4 contiene un parche para este problema. Actualmente no se presentan mitigaciones conocidas disponibles"}], "id": "CVE-2022-29190", "lastModified": "2022-06-02T18:21:31.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-05-21T00:15:11.450", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "security-advisories@github.com", "type": "Primary"}]}