7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-29190

CVE-2022-29190: Pion DTLS Header reconstruction method can be thrown into an infinite loop

Impact

An attacker can send packets that will send Pion DTLS into an infinite loop when processing.

Patches

Upgrade to Pion DTLS v2.1.4

Workarounds

No workarounds available, upgrade to Pion DTLS v2.1.4

References

Thank you to Juho Nurminen and the Mattermost team for discovering and reporting this.

For more information

If you have any questions or comments about this advisory:

Open an issue in Pion DTLS
Email us at team@pion.ly

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-29190

CVE-2022-29190:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/pion/dtls	go	< 2.1.4	2.1.4
github.com/pion/dtls/v2	go	< 2.1.4	2.1.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit e0b2ce3 shows a critical modification in fragment_buffer.go where a 'FragmentLength != 0' check was added to prevent infinite loops. The associated test case in fragment_buffer_test.go demonstrates handling of zero-length fragments that previously caused infinite processing. The CWE-835 classification and vulnerability description directly match this code pattern where malformed DTLS fragments could keep the loop running indefinitely by never reaching the exit condition.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-29190: Pion DTLS Header reconstruction method can be thrown into an infinite loop

Impact

Patches

Workarounds

References

For more information

CVE-2022-29190:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

7.5

7.5

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2022-29190: Pion DTLS Header reconstruction method can be thrown into an infinite loop

Impact

Patches

Workarounds

References

For more information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI