Vulnerability Report: GO-2022-0462

CVE-2022-29222, GHSA-w45j-f832-hxvh
Affects: github.com/pion/dtls/v2
Published: Jul 01, 2022
Modified: May 20, 2024

Client-provided certificates are not correctly validated, and must not be trusted. DTLS client certificates must be accompanied by proof that the client possesses the private key for the certificate. The Pion DTLS server accepted client certificates unaccompanied by this proof, permitting an attacker to present any certificate and have it accepted as valid.

Affected Packages

Path

Versions

Symbols
github.com/pion/dtls/v2

before v2.1.5
7 affected symbols

Aliases

CVE-2022-29222
GHSA-w45j-f832-hxvh

References

https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412
https://vuln.go.dev/ID/GO-2022-0462.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL