CVE-2022-2576
- Public Exploits: 1
- Exploited in Wild: -
Descriptions
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially if used with certificate-based cipher suites, that results in message amplification (DDoS of other peers) and high CPU load (DoS of the own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.
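The fallback the description refers to, as an added simulation that is not Californium's code: a stateless cookie check (the HelloVerifyRequest exchange of RFC 6347) gates the fall-through from a failed resumption into a full handshake, so an unverified source address only ever receives a small reply. The message sizes, the session cache, the ClientHello encoding and the `verify_on_fallback` switch are constructed for the example.

```python
import hashlib
import hmac
import os

# Per-server secret for stateless cookies (rotated periodically in a real server).
COOKIE_KEY = os.urandom(32)

# Constructed message sizes for the simulation (not measured against Californium).
HELLO_VERIFY_REQUEST = b"HVR:" + b"\x00" * 36                   # small, cheap, no crypto
FULL_HANDSHAKE_FLIGHT = b"SH|CERT|SKE|SHD:" + b"\x00" * 1500     # certificate chain + signature
RESUME_FLIGHT = b"SH|CCS|FIN:" + b"\x00" * 80                   # abbreviated handshake

# Hypothetical session cache: session id -> parameters negotiated earlier.
SESSIONS = {"sess-1": {"cipher": "ECDHE_ECDSA_AES128_CCM8"}}

def encode_hello(hello: dict) -> bytes:
    """Constructed wire form of a ClientHello, without the cookie field."""
    fields = {k: v for k, v in hello.items() if k != "cookie"}
    return "|".join(f"{k}={v}" for k, v in sorted(fields.items())).encode()

def make_cookie(client_addr: str, hello: dict) -> bytes:
    # Stateless cookie as in RFC 6347 section 4.2.1: HMAC over peer address + ClientHello.
    return hmac.new(COOKIE_KEY, client_addr.encode() + encode_hello(hello), hashlib.sha256).digest()

def handle_client_hello(client_addr: str, hello: dict, verify_on_fallback: bool) -> bytes:
    """Return the server's reply to one ClientHello datagram.

    verify_on_fallback=False models the behaviour described in the CVE: a resumption
    attempt skips the cookie exchange, and on a parameter mismatch the server drops
    straight into a full handshake for an address it never verified.
    """
    session = SESSIONS.get(hello.get("session_id"))
    if session is not None and session["cipher"] in hello["ciphers"]:
        return RESUME_FLIGHT  # parameters match: cheap abbreviated handshake
    # Resumption failed; the full handshake is expensive, so demand a valid cookie first.
    presented = hello.get("cookie", b"")
    if verify_on_fallback and not hmac.compare_digest(presented, make_cookie(client_addr, hello)):
        return HELLO_VERIFY_REQUEST
    return FULL_HANDSHAKE_FLIGHT

def amplification(client_addr: str, hello: dict, verify_on_fallback: bool) -> float:
    """Bytes sent back per byte received for a single datagram (the DDoS metric)."""
    reply = handle_client_hello(client_addr, hello, verify_on_fallback)
    return len(reply) / len(encode_hello(hello))
```

With the cookie check in place a mismatching resumption from an unverified address yields a reply smaller than the request; without it the reply is the full certificate flight.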
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-07-29 CVE Reserved
- 2022-07-29 CVE Published
- 2024-02-19 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- Exploited in Wild: -
- KEV Due Date: -
CWE
- CWE-408: Incorrect Behavior Order: Early Amplification
CAPEC
References (1)
Affected Vendors, Products, and Versions

Vendor | Product | Version | Other | Status
---|---|---|---|---
Eclipse | Californium | >= 2.0.0 <= 2.7.2 | - | Affected
Eclipse | Californium | >= 3.0.0 <= 3.5.0 | - | Affected