CVE-2022-29190

Published: May 21, 2022Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

Affected (1)

Products: Pion: Dtls

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pion Dtls	Before 2.1.4

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (6)

https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/pion/dtls/releases/tag/v2.1.4

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c

Source: security-advisories@github.com

Third Party Advisory

https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/pion/dtls/releases/tag/v2.1.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.