Denial of Service Vulnerability in Eclipse Californium by Eclipse
CVE-2020-27222

7.5 HIGH

Key Information:

Vendor: Eclipse
CVE Published: 3 February 2021

What is CVE-2020-27222?

A vulnerability in Eclipse Californium versions 2.3.0 to 2.6.0 allows a Denial of Service (DoS) condition in the certificate-based DTLS handshake. When a handshake fails because of a mismatch in TLS parameters, the DTLS server is left in an erroneous internal state. A client can therefore trigger such a failed handshake on purpose to force the DTLS server into a DoS state from which it recovers only after a restart. Proper updates and mitigations are essential to protect against this security threat.

Affected Version(s)

Eclipse Californium [2.3.0, 2.6.0]

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published: 3 February 2021

  • Vulnerability reserved

The Cyber Security Vulnerability Database.