CVE-2022-29222

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-29222
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29222.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-29222
Aliases
Downstream
Published
2022-05-21T00:00:15Z
Modified
2025-12-04T10:20:40.283607Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Improper Certificate Validation in Pion DTLS
Details

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.

Database specific 
{
    "cwe_ids": [
        "CWE-295"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29222.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/pion/dtls

Affected ranges

Type
GIT
Repo
https://github.com/pion/dtls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d2f797183a9f044ce976e6df6f362662ca722412

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4

v2.*

v2.0.0
v2.0.0-rc.1
v2.0.0-rc.10
v2.0.0-rc.2
v2.0.0-rc.3
v2.0.0-rc.4
v2.0.0-rc.5
v2.0.0-rc.6
v2.0.0-rc.7
v2.0.0-rc.8
v2.0.0-rc.9
v2.0.1
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29222.json"