Vulnerabilities > CVE-2022-29190 - Infinite Loop vulnerability in Pion Dtls

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pion

CWE-835

NVD

Published: 2022-05-21

Updated: 2022-06-02

Summary

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

Vulnerable Configurations

Part	Description	Count
Application	Pion Pion Dtls - Pion Dtls 1.0.0 Pion Dtls 1.0.1 Pion Dtls 1.0.2 Pion Dtls 1.1.0 Pion Dtls 1.1.1 Pion Dtls 1.2.0 Pion Dtls 1.2.1 Pion Dtls 1.2.2 Pion Dtls 1.2.3 Pion Dtls 1.3.0 Pion Dtls 1.3.1 Pion Dtls 1.3.2 Pion Dtls 1.3.3 Pion Dtls 1.3.4 Pion Dtls 1.3.5 Pion Dtls 1.4.0 Pion Dtls 1.5.0 Pion Dtls 1.5.1 Pion Dtls 1.5.2 Pion Dtls 1.5.3 Pion Dtls 1.5.4 Pion Dtls 2.0.0 Pion Dtls 2.0.1 Pion Dtls 2.0.2 Pion Dtls 2.0.3 Pion Dtls 2.0.4 Pion Dtls 2.0.5 Pion Dtls 2.0.6 Pion Dtls 2.0.7 Pion Dtls 2.0.8 Pion Dtls 2.0.9 Pion Dtls 2.0.10 Pion Dtls 2.0.11 Pion Dtls 2.0.12 Pion Dtls 2.0.13 Pion Dtls 2.1.0 Pion Dtls 2.1.1 Pion Dtls 2.1.2 Pion Dtls 2.1.3	50

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References