Headline
CVE-2022-29190: Don't attempt to append zero length fragments · pion/dtls@e0b2ce3
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.
@@ -73,6 +73,20 @@ func TestFragmentBuffer(t *testing.T) {
},
Epoch: 0,
},
// Assert that a zero length fragment doesn’t cause the fragmentBuffer to enter an infinite loop
{
Name: "Zero Length Fragment",
In: [][]byte{
{
0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
},
},
Expected: [][]byte{
{0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
},
Epoch: 0,
},
} {
fragmentBuffer := newFragmentBuffer()
for _, frag := range test.In {
Related news
### Impact An attacker can send packets that will send Pion DTLS into an infinite loop when processing. ### Patches Upgrade to Pion DTLS v2.1.4 ### Workarounds No workarounds available, upgrade to Pion DTLS v2.1.4 ### References Thank you to [Juho Nurminen](https://github.com/jupenur) and the Mattermost team for discovering and reporting this. ### For more information If you have any questions or comments about this advisory: * Open an issue in [Pion DTLS](http://github.com/pion/dtls) * Email us at [[email protected]](mailto:[email protected])