UBUNTU-CVE-2022-29222
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't possess the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection...
UBUNTU-CVE-2022-29189
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...
CVE-2022-29222
CVE-2022-29222 affects Pion DTLS (Go) prior to v2.1.5. A DTLS server could accept a client certificate without the client proving possession of the corresponding private key, making the provided certificate untrustworthy while the connection remains otherwise secure. Publicly documented details c...
CVE-2022-29222
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't possess the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection...
Pion DTLS Trust Management Issue Vulnerability
Pion DTLS is a Go-based implementation of the Datagram Transport Layer Security (DTLS) protocol. A trust management issue vulnerability exists in Pion DTLS versions prior to 2.1.5, which stems from the fact that a DTLS client can provide a certificate for which it does not own the private key, and Pion...
PT-2022-19474
Name of the Vulnerable Software and Affected Versions: Pion DTLS versions prior to 2.1.5. Description: The issue affects users that are using Client certificates only. A DTLS Client could provide a Certificate that it doesn't possess the private key for, and Pion DTLS wouldn't reject it. The...
CVE-2022-29189
The CVE concerns Pion DTLS (Go DTLS) prior to version 2.1.4, where an inbound buffer for handshake data had no upper limit, allowing an attacker to cause unbounded memory growth and potential denial of service during the handshake. Concrete evidence in connected sources shows the issue is fixed i...
CVE-2022-29190
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that send Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...
PT-2022-19441
Name of the Vulnerable Software and Affected Versions: Pion DTLS versions prior to 2.1.4. Description: The issue concerns a buffer used for inbound network traffic that had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or times out. An...
The vulnerability of the Datagram TLS implementation in microprogramming-based network interface controllers from Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to induce service failures.
The vulnerability in the Datagram TLS implementation in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) lies in insufficient data authentication. Exploiting this vulnerability allows a malicious actor to induce service failure through specially crafted DTLS traffic...
CVE-2022-29491
On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other...
CVE-2022-26071
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attack...
CVE-2022-20767
A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement...
CVE-2022-20757
A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are...
Cisco Adaptive Security Appliance Software AnyConnect SSL VPN DoS (cisco-sa-vpndtls-dos-TunzLEV)
According to its self-reported version, Cisco ASA Software is affected by a vulnerability in the implementation of the Datagram TLS (DTLS) protocol that could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability ...
Cisco Firepower Threat Defense Security Vulnerability
Cisco Firepower Threat Defense is a suite of unified software from Cisco that provides next-generation firewall services. The vulnerability stems from incorrect traffic handling when platform limits are reached, and can be exploited to cause a denial-of-service (DoS) condition by sending high-rate...
A vulnerability in the OpenSSL library's implementation of the DTLS protocol that allows an attacker to cause a service failure.
The vulnerability in the DTLS protocol implementation in the OpenSSL library is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
CVE-2022-20795
A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition...