exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2022-29222

больше 3 лет назад

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.

CVSS3: 5.9

EPSS: Низкий

CVE-2022-29222

больше 3 лет назад

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.

CVSS3: 5.9

EPSS: Низкий

CVE-2022-29222

больше 3 лет назад

Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...

CVSS3: 5.9

EPSS: Низкий

GHSA-w45j-f832-hxvh

больше 3 лет назад

Pion/DLTS Accepts Client Certificates Without CertificateVerify

CVSS3: 5.9

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2022-29222 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.	CVSS3: 5.9	0% Низкий	больше 3 лет назад
CVE-2022-29222 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.	CVSS3: 5.9	0% Низкий	больше 3 лет назад
CVE-2022-29222 Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...	CVSS3: 5.9	0% Низкий	больше 3 лет назад
GHSA-w45j-f832-hxvh Pion/DLTS Accepts Client Certificates Without CertificateVerify	CVSS3: 5.9	0% Низкий	больше 3 лет назад

Уязвимостей на страницу