CVE-2020-27222

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-27222
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27222.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27222
Published
2021-02-03T16:15:13Z
Modified
2024-06-06T13:13:33.938921Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.

References

Affected packages

Git / github.com/eclipse/californium

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/californium
Events

Affected versions

2.*

2.3.0
2.4.0
2.5.0
2.6.0