Lucene search
GoogleOSV:CVE-2022-29222HistoryMay 21, 2022 - 12:15 a.m.
CVE-2022-29222
2022-05-2100:15:12
Google
osv.dev
4
pion dtls
security issue
untrusted certificates
upgrade
version 2.1.5
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn’t posses the private key for and Pion DTLS wouldn’t reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can’t be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.
Related
github
github
Pion/DLTS Accepts Client Certificates Without CertificateVerify
2022-05-25 19:26:09
prion
prion
Code injection
2022-05-21 00:15:00
osv
osv
Pion/DLTS Accepts Client Certificates Without CertificateVerify
2022-05-25 19:26:09
Improper validation of client certificates in github.com/pion/dtls/v2
2022-07-01 20:07:12
debiancve
debiancve
CVE-2022-29222
2022-05-21 00:15:12
cvelist
cvelist
CVE-2022-29222 Improper Certificate Validation in Pion DTLS
2022-05-21 00:00:15
veracode
veracode
Improper Certificate Validation
2022-05-23 04:28:43
cve
cve
CVE-2022-29222
2022-05-21 00:15:12
ubuntucve
ubuntucve
CVE-2022-29222
2022-05-21 00:00:00
nvd
nvd
CVE-2022-29222
2022-05-21 00:15:12