vulnerability
Ubuntu: (Multiple Advisories) (CVE-2022-29222): Snowflake vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | May 21, 2022 | Jan 20, 2026 | Jan 21, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
May 21, 2022
Added
Jan 20, 2026
Modified
Jan 21, 2026
Description
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.
Solutions
ubuntu-pro-upgrade-snowflake-clientubuntu-pro-upgrade-snowflake-proxyubuntu-pro-upgrade-telegraf
References
- CVE-2022-29222
- https://attackerkb.com/topics/CVE-2022-29222
- CWE-295
- UBUNTU-USN-7966-1
- UBUNTU-USN-7966-2
- URL-https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412
- URL-https://github.com/pion/dtls/releases/tag/v2.1.5
- URL-https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh
- URL-https://ubuntu.com/security/notices/USN-7966-1
- URL-https://ubuntu.com/security/notices/USN-7966-2
- URL-https://www.cve.org/CVERecord?id=CVE-2022-29222
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.