5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-29189

GHSA ID

GHSA-cx94-mrg9-rq4j

EPSS Score

0.746%

CWE

CWE-120

Published

5/24/2022

Updated

8/29/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-29189

CVE-2022-29189: Pion/DTLS contains buffer for inbound DTLS fragments with no limit

Impact

A buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An attacker could exploit this to cause excessive memory usage.

Patches

Upgrade to Pion DTLS v2.1.4

Workarounds

No workarounds available, upgrade to Pion DTLS v2.1.4

References

Thank you to Juho Nurminen and the Mattermost team for discovering and reporting this.

For more information

If you have any questions or comments about this advisory:

Open an issue in Pion DTLS
Email us at team@pion.ly

(GitHub Advisory)

5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-29189

GHSA ID

GHSA-cx94-mrg9-rq4j

EPSS Score

0.746%

CWE

CWE-120

Published

5/24/2022

Updated

8/29/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/pion/dtls	go	< 2.1.4	2.1.4
github.com/pion/dtls/v2	go	< 2.1.4	2.1.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from uncontrolled buffering of inbound DTLS fragments. The commit a6397ff added critical size checks to fragmentBuffer.push() and introduced fragmentBuffer.size(), indicating this was the vulnerable area. The CWE-120 classification matches unbounded buffer growth in network input handling. The patch specifically modifies the push method to enforce a 2MB limit, confirming this function's role in the vulnerability. The associated test in fragment_buffer_test.go validates the overflow protection, further confirming the function's central role.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t * *u***r t**t w*s us** *or in*oun* n*twork tr***i* *** no upp*r limit. Pion *TLS woul* *u***r *ll n*twork tr***i* *rom t** r*mot* us*r until t** **n*s**k* *ompl*t*s or tim*s out. *n *tt**k*r *oul* *xploit t*is to **us* *x**ssiv* m*mory us*

Reasoning

T** vuln*r**ility st*ms *rom un*ontroll** *u***rin* o* in*oun* *TLS *r**m*nts. T** *ommit ******* ***** *riti**l siz* ****ks to *r**m*nt*u***r.pus*() *n* intro*u*** *r**m*nt*u***r.siz*(), in*i**tin* t*is w*s t** vuln*r**l* *r**. T** *W*-*** *l*ssi*i*

5.3

Basic Information

Concerned about an active attack path?

CVE-2022-29189: Pion/DTLS contains buffer for inbound DTLS fragments with no limit

Impact

Patches

Workarounds

References

For more information

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI