CVE-2022-29190

Name: CVE-2022-29190
Description: Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that send Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1011457

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| snowflake (PTS) | sid, trixie, bookworm | 2.5.1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| snowflake | source | (unstable) | 2.2.0-1 | | | 1011457 |

Notes

https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c
https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf (v2.1.4)
https://github.com/pion/dtls/releases/tag/v2.1.4
