CVE-2020-27222
californium-core: DTLS - DoS vulnerability for certificate based handshakes
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.
En Eclipse Californium versiones 2.3.0 hasta 2.6.0, los protocolos de enlace DTLS basados ??en certificados (x509 y RPK) cometen un fallo accidentalmente, porque el lado del servidor DTLS se adhiere a un estado interno equivocado. Ese estado interno equivocado es ajustado por medio de un fallo de protocolo de enlace DTLS basada en un certificado anterior con una falta de coincidencia de los parĂ¡metros TLS. El lado del servidor DTLS debe reiniciarse para recuperar esto. Esto permite a clientes forzar una DoS
A flaw was found in californium. The certificate based (x509 and RPK) DTLS handshakes fails due to the DTLS server side being set to a wrong internal state by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The highest threat from this vulnerability is to system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-19 CVE Reserved
- 2021-02-03 CVE Published
- 2023-10-20 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-372: Incomplete Internal State Distinction
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2020-27222 | 2021-08-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1930230 | 2021-08-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Eclipse Search vendor "Eclipse" | Californium Search vendor "Eclipse" for product "Californium" | >= 2.3.0 <= 2.6.0 Search vendor "Eclipse" for product "Californium" and version " >= 2.3.0 <= 2.6.0" | - |
Affected
|