Vulnerability Report: GO-2022-0462
- CVE-2022-29222, GHSA-w45j-f832-hxvh
- Affects: github.com/pion/dtls/v2
- Published: Jul 01, 2022
- Modified: May 20, 2024
Client-provided certificates are not correctly validated, and must not be trusted. DTLS client certificates must be accompanied by proof that the client possesses the private key for the certificate. The Pion DTLS server accepted client certificates unaccompanied by this proof, permitting an attacker to present any certificate and have it accepted as valid.
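The proof-of-possession rule described above, as an added Go sketch (not Pion's code and not the upstream fix): a server-side check that refuses a client certificate unless a signature over the handshake transcript verifies under that certificate's key. The function names, the flat byte-slice transcript, the ECDSA P-256 / SHA-256 choice and the bare public key standing in for a parsed certificate are all assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var errNoProof = errors.New("certificate sent without CertificateVerify")
var errBadProof = errors.New("CertificateVerify does not match certificate key")

// authenticateClient (hypothetical) returns the proven key, or nil when no certificate was sent.
func authenticateClient(certKey *ecdsa.PublicKey, transcript, verifySig []byte) (*ecdsa.PublicKey, error) {
	if certKey == nil {
		return nil, nil // anonymous client: nothing claimed, nothing to trust
	}
	if len(verifySig) == 0 {
		return nil, errNoProof // the case in the report: a certificate with no proof
	}
	digest := sha256.Sum256(transcript)
	if !ecdsa.VerifyASN1(certKey, digest[:], verifySig) {
		return nil, errBadProof // signed by another key, or over another handshake
	}
	return certKey, nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// signTranscript plays the honest client: it signs the transcript hash with its private key.
func signTranscript(key *ecdsa.PrivateKey, transcript []byte) []byte {
	digest := sha256.Sum256(transcript)
	return must(ecdsa.SignASN1(rand.Reader, key, digest[:]))
}

func main() {
	key, tr := newKey(), []byte("constructed handshake transcript")
	_, bare := authenticateClient(&key.PublicKey, tr, nil)
	_, proven := authenticateClient(&key.PublicKey, tr, signTranscript(key, tr))
	fmt.Println("certificate only:", bare, "| certificate + proof:", proven)
}
```

Binding the signature to the transcript is what keeps a proof captured from one handshake from being accepted in another.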
Affected Packages
- Path: github.com/pion/dtls/v2
- Go Versions: before v2.1.5
- Symbols: 7 affected symbols
References
- https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412
- https://vuln.go.dev/ID/GO-2022-0462.json