CVE-2020-27222
Published: Feb 3, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
In Eclipse Californium versions 2.3.0 to 2.6.0, certificate-based (x509 and RPK) DTLS handshakes accidentally fail because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate-based DTLS handshake failure with a TLS parameter mismatch. The DTLS server side must be restarted to recover from this. This allows clients to force a DoS.
| Vendor | Product | Versions |
|---|---|---|
| The Eclipse Foundation | Eclipse Californium | affected [2.3.0, 2.6.0] |
Weaknesses (CWE)
References
https://bugs.eclipse.org/bugs/show_bug.cgi?id=570844
x_refsource_CONFIRM