CVE-2022-29190

Опубликовано: 21 мая 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

Ссылки

https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
Patch
Third Party Advisory
https://github.com/pion/dtls/releases/tag/v2.1.4
Release Notes
Third Party Advisory
https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c
Third Party Advisory
https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
Patch
Third Party Advisory
https://github.com/pion/dtls/releases/tag/v2.1.4
Release Notes
Third Party Advisory
https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pion:dtls:*:*:*:*:*:*:*:*

Версия до 2.1.4 (исключая)

EPSS

Процентиль: 50%

0.00271

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости

CVE-2022-29190

CVSS3: 7.5

ubuntu

больше 3 лет назад

CVE-2022-29190

CVSS3: 7.5

debian

больше 3 лет назад

Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...

GHSA-cm8f-h6j3-p25c

CVSS3: 7.5

github

больше 3 лет назад

Pion DTLS Header reconstruction method can be thrown into an infinite loop

EPSS

Процентиль: 50%

0.00271

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835