CVE-2022-29190 - Vulnerability Details - OpenCVE

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Pion	Dtls

Configuration 1 [-]

cpe:2.3:a:pion:dtls:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf
https://github.com/pion/dtls/releases/tag/v2.1.4
https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c

History

Wed, 23 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-05-20T23:55:10.000Z

Updated: 2025-04-23T18:23:25.844Z

Reserved: 2022-04-13T00:00:00.000Z

Link: CVE-2022-29190

Vulnrichment

Updated: 2024-08-03T06:17:54.058Z

NVD

Status : Modified

Published: 2022-05-21T00:15:11.450

Modified: 2024-11-21T06:58:40.523

Link: CVE-2022-29190

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "dtls", "vendor": "pion", "versions": [{"status": "affected", "version": "< 2.1.4"}]}], "descriptions": [{"lang": "en", "value": "Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-20T23:55:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}], "source": {"advisory": "GHSA-cm8f-h6j3-p25c", "discovery": "UNKNOWN"}, "title": "Header reconstruction method can be thrown into an infinite loop in Pion DTLS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29190", "STATE": "PUBLIC", "TITLE": "Header reconstruction method can be thrown into an infinite loop in Pion DTLS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "dtls", "version": {"version_data": [{"version_value": "< 2.1.4"}]}}]}, "vendor_name": "pion"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c", "refsource": "CONFIRM", "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"name": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf", "refsource": "MISC", "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"name": "https://github.com/pion/dtls/releases/tag/v2.1.4", "refsource": "MISC", "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}]}, "source": {"advisory": "GHSA-cm8f-h6j3-p25c", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:17:54.058Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T15:54:57.837394Z", "id": "CVE-2022-29190", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T18:23:25.844Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29190", "datePublished": "2022-05-20T23:55:10.000Z", "dateReserved": "2022-04-13T00:00:00.000Z", "dateUpdated": "2025-04-23T18:23:25.844Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "dtls", "vendor": "pion", "versions": [{"status": "affected", "version": "< 2.1.4"}]}], "descriptions": [{"lang": "en", "value": "Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-20T23:55:10.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}], "source": {"advisory": "GHSA-cm8f-h6j3-p25c", "discovery": "UNKNOWN"}, "title": "Header reconstruction method can be thrown into an infinite loop in Pion DTLS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29190", "STATE": "PUBLIC", "TITLE": "Header reconstruction method can be thrown into an infinite loop in Pion DTLS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "dtls", "version": {"version_data": [{"version_value": "< 2.1.4"}]}}]}, "vendor_name": "pion"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c", "refsource": "CONFIRM", "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"name": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf", "refsource": "MISC", "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"name": "https://github.com/pion/dtls/releases/tag/v2.1.4", "refsource": "MISC", "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}]}, "source": {"advisory": "GHSA-cm8f-h6j3-p25c", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:17:54.058Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-29190", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T15:54:57.837394Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T15:54:59.682Z"}}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29190", "datePublished": "2022-05-20T23:55:10.000Z", "dateReserved": "2022-04-13T00:00:00.000Z", "dateUpdated": "2025-04-23T18:23:25.844Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pion:dtls:*:*:*:*:*:*:*:*", "matchCriteriaId": "465946B5-0540-41EB-91CB-571B2E842EB4", "versionEndExcluding": "2.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available."}, {"lang": "es", "value": "Pion DTLS es una implementaci\u00f3n de Go de Datagram Transport Layer Security. En versiones anteriores a 2.1.4, un atacante puede enviar paquetes que env\u00eden a Pion DTLS a un bucle infinito cuando los procesa. La versi\u00f3n 2.1.4 contiene un parche para este problema. Actualmente no se presentan mitigaciones conocidas disponibles"}], "id": "CVE-2022-29190", "lastModified": "2024-11-21T06:58:40.523", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-21T00:15:11.450", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/pion/dtls/releases/tag/v2.1.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "security-advisories@github.com", "type": "Secondary"}]}