CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS
Percentile: 31.1%

Pion DTLS is a Go implementation of Datagram Transport Layer Security.
Prior to version 2.1.5, a DTLS client could provide a certificate that it
doesn’t possess the private key for, and Pion DTLS wouldn’t reject it. This
issue only affects users that are using client certificates. The connection
itself is still secure, but the certificate provided by clients can’t be
trusted when using a Pion DTLS server prior to version 2.1.5. Users should
upgrade to version 2.1.5 to receive a patch. There are currently no known
workarounds.

github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412 (v2.1.5)
github.com/pion/dtls/releases/tag/v2.1.5
github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh
launchpad.net/bugs/cve/CVE-2022-29222
nvd.nist.gov/vuln/detail/CVE-2022-29222
security-tracker.debian.org/tracker/CVE-2022-29222
www.cve.org/CVERecord?id=CVE-2022-29222
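
The description above comes down to proof of possession: in (D)TLS a client certificate is only meaningful if the client also signs the handshake transcript with the matching private key (the CertificateVerify message). The following Go sketch is an added illustration of that server-side check, not code from Pion DTLS; the function and variable names, the bare ECDSA key standing in for a certificate, and the transcript bytes are all assumptions constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical error values for this example (not Pion DTLS identifiers).
var (
	errNoProof  = errors.New("certificate presented without proof of possession")
	errBadProof = errors.New("signature does not verify under the certificate key")
)

// checkPossession accepts the public key from a client certificate only if
// the client signed the handshake transcript with the matching private key.
func checkPossession(certKey *ecdsa.PublicKey, transcript, sig []byte) error {
	if len(sig) == 0 {
		return errNoProof // a certificate alone proves nothing about the peer
	}
	digest := sha256.Sum256(transcript)
	if !ecdsa.VerifyASN1(certKey, digest[:], sig) {
		return errBadProof
	}
	return nil
}

// demo runs three constructed handshakes that all present the same certificate key.
func demo() (owner, missing, wrongKey error) {
	holder, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // real key owner
	other, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // unrelated key
	transcript := []byte("constructed handshake transcript")
	digest := sha256.Sum256(transcript)
	good, _ := ecdsa.SignASN1(rand.Reader, holder, digest[:])
	bad, _ := ecdsa.SignASN1(rand.Reader, other, digest[:])

	owner = checkPossession(&holder.PublicKey, transcript, good)
	missing = checkPossession(&holder.PublicKey, transcript, nil)
	wrongKey = checkPossession(&holder.PublicKey, transcript, bad)
	return
}

func main() {
	owner, missing, wrongKey := demo()
	fmt.Println("owner:", owner)
	fmt.Println("no signature:", missing)
	fmt.Println("wrong key:", wrongKey)
}
```

A server that authorizes peers by client certificate should treat both rejected cases as handshake failures; on Pion DTLS that behaviour requires version 2.1.5 or later.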