| { |
| "id": "GO-2022-0462", |
| "published": "2022-07-01T20:07:12Z", |
| "modified": "0001-01-01T00:00:00Z", |
| "aliases": [ |
| "CVE-2022-29222", |
| "GHSA-w45j-f832-hxvh" |
| ], |
| "details": "Client-provided certificates are not correctly validated,\nand must not be trusted.\n\nDTLS client certificates must be accompanied by proof that the client\npossesses the private key for the certificate. The Pion DTLS server\naccepted client certificates unaccompanied by this proof, permitting\nan attacker to present any certificate and have it accepted as valid.\n", |
| "affected": [ |
| { |
| "package": { |
| "name": "github.com/pion/dtls/v2", |
| "ecosystem": "Go" |
| }, |
| "ranges": [ |
| { |
| "type": "SEMVER", |
| "events": [ |
| { |
| "introduced": "0" |
| }, |
| { |
| "fixed": "2.1.5" |
| } |
| ] |
| } |
| ], |
| "database_specific": { |
| "url": "https://pkg.go.dev/vuln/GO-2022-0462" |
| }, |
| "ecosystem_specific": { |
| "imports": [ |
| { |
| "path": "github.com/pion/dtls/v2", |
| "symbols": [ |
| "Client", |
| "ClientWithContext", |
| "Dial", |
| "DialWithContext", |
| "Resume", |
| "Server", |
| "ServerWithContext", |
| "flight4Parse", |
| "handshakeFSM.Run", |
| "listener.Accept" |
| ] |
| } |
| ] |
| } |
| } |
| ], |
| "references": [ |
| { |
| "type": "FIX", |
| "url": "https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412" |
| }, |
| { |
| "type": "WEB", |
| "url": "https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh" |
| } |
| ] |
| } |
