Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Certificate Validation in Pion DTLS
Vulnerability Description
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
Pion DTLS 信任管理问题漏洞
Vulnerability Description
Pion DTLS是一款基于Go语言的DTLS(数据包传输层安全性协议)实现。 Pion DTLS 2.1.5之前版本存在信任管理问题漏洞,该漏洞源于DTLS 客户端可以提供它不拥有私钥的证书,而且Pion DTLS 不会拒绝该证书。
CVSS Information
N/A
Vulnerability Type
N/A