Eclipse Californium DTLS Resumption Misbehavior Leads to DoS (2.0.0-3.5.0)
CVE-2022-2576 Published on July 29, 2022
In Eclipse Californium versions 2.0.0 through 2.7.2 and 3.0.0 through 3.5.0, a DTLS resumption handshake that runs into a parameter mismatch falls back to a full DTLS handshake without first sending a HelloVerifyRequest. The cookie exchange carried by HelloVerifyRequest is what proves the client actually owns the source address it claims, so skipping it means the server sends its full-handshake flight to an unverified, spoofable UDP address. With certificate-based cipher suites in particular, that flight carries the server's certificate chain and is many times larger than the ClientHello that triggered it, which yields message amplification (DDoS against other peers) and high CPU load (DoS of the server itself). The misbehavior occurs only when DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD is set to a value larger than 0.
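The following is an added example, not code from Eclipse Californium, that models the server-side decision described above as a small Python state machine. It shows a vulnerable server handing a full certificate-bearing flight to a spoofed ClientHello whose session ID is known but whose cipher suite no longer matches, next to a patched server that re-enters the cookie path (HelloVerifyRequest) on the same mismatch. Flight sizes, the `resumption_skips_verify` threshold rule, the cookie secret and the addresses are all constructed assumptions chosen to illustrate the mechanism, not values measured from Californium.

```python
import hmac
import hashlib
from dataclasses import dataclass, field, replace
from typing import Dict, Tuple

# Constructed flight sizes in bytes (assumption: realistic order of magnitude,
# not measured from Californium). The full-handshake flight is large because a
# certificate-based suite makes the server ship its certificate chain.
CLIENT_HELLO_LEN = 150
HELLO_VERIFY_REQUEST_LEN = 60
ABBREVIATED_FLIGHT_LEN = 120   # ServerHello + ChangeCipherSpec + Finished
FULL_FLIGHT_LEN = 3000         # ServerHello + Certificate + ServerKeyExchange + ...


@dataclass(frozen=True)
class ClientHello:
    src: str                        # claimed UDP source address (spoofable)
    session_id: bytes               # non-empty => resumption attempt
    cipher_suites: Tuple[str, ...]
    cookie: bytes = b""


@dataclass
class DtlsServer:
    sessions: Dict[bytes, str]      # session_id -> cipher suite of the cached session
    verify_peers_on_resumption_threshold: int   # 0 = always require a cookie
    patched: bool = False
    pending_handshakes: int = 0
    max_handshakes: int = 100
    # Hypothetical secret for the stateless cookie; not Californium's scheme.
    _secret: bytes = field(default=b"hypothetical-cookie-secret", repr=False)

    def cookie_for(self, hello: ClientHello) -> bytes:
        """Stateless cookie bound to the claimed source address and hello."""
        mac = hmac.new(self._secret, hello.src.encode() + hello.session_id, hashlib.sha256)
        return mac.digest()[:16]

    def resumption_skips_verify(self) -> bool:
        # Modeling assumption: with a threshold > 0, resumption attempts skip the
        # cookie exchange while pending handshakes stay below that percentage of
        # capacity. With threshold 0 every handshake goes through the cookie path.
        t = self.verify_peers_on_resumption_threshold
        return t > 0 and self.pending_handshakes * 100 < t * self.max_handshakes

    def handle_client_hello(self, hello: ClientHello) -> Tuple[str, int]:
        """Return (name of server reply, bytes sent back to hello.src)."""
        if hello.session_id in self.sessions and self.resumption_skips_verify():
            if self.sessions[hello.session_id] in hello.cipher_suites:
                # Parameters match: abbreviated handshake, reply is small.
                return ("ServerHello+CCS+Finished", ABBREVIATED_FLIGHT_LEN)
            if not self.patched:
                # CVE-2022-2576 behaviour: parameter mismatch falls back to a
                # full handshake without HelloVerifyRequest, so the big flight
                # goes to an address that was never verified.
                self.pending_handshakes += 1
                return ("ServerHello+Certificate+...", FULL_FLIGHT_LEN)
            # Patched: a mismatch re-enters the full-handshake path below,
            # which insists on a valid cookie first.
        if not hello.cookie:
            return ("HelloVerifyRequest", HELLO_VERIFY_REQUEST_LEN)
        if not hmac.compare_digest(hello.cookie, self.cookie_for(hello)):
            return ("drop", 0)
        self.pending_handshakes += 1
        return ("ServerHello+Certificate+...", FULL_FLIGHT_LEN)


def amplification(server: DtlsServer, hello: ClientHello) -> float:
    """Bytes the server sends to hello.src per byte of ClientHello received."""
    _, sent = server.handle_client_hello(hello)
    return sent / CLIENT_HELLO_LEN


# Constructed scenario: the attacker knows a cached session ID (for example from
# observing earlier traffic) and sends a ClientHello that claims the victim's
# address and offers a cipher suite the cached session did not use.
KNOWN_SESSION_ID = b"\x01" * 8
CACHED_SESSIONS = {KNOWN_SESSION_ID: "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"}
SPOOFED_HELLO = ClientHello("203.0.113.7", KNOWN_SESSION_ID, ("TLS_PSK_WITH_AES_128_CCM_8",))
MATCHING_HELLO = ClientHello("203.0.113.7", KNOWN_SESSION_ID,
                             ("TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",))


def demo() -> Dict[str, float]:
    """Amplification factor seen by the spoofed victim address in each setup."""
    vulnerable = DtlsServer(dict(CACHED_SESSIONS), verify_peers_on_resumption_threshold=30)
    patched = DtlsServer(dict(CACHED_SESSIONS), 30, patched=True)
    threshold_zero = DtlsServer(dict(CACHED_SESSIONS), verify_peers_on_resumption_threshold=0)
    return {
        "vulnerable_mismatch": amplification(vulnerable, SPOOFED_HELLO),
        "vulnerable_match": amplification(vulnerable, MATCHING_HELLO),
        "patched_mismatch": amplification(patched, SPOOFED_HELLO),
        "threshold_zero_mismatch": amplification(threshold_zero, SPOOFED_HELLO),
    }


if __name__ == "__main__":
    for name, factor in demo().items():
        print(f"{name}: {factor:.1f}x")
```

The useful comparison is the first and third rows of `demo()`: the same spoofed ClientHello costs the vulnerable server a 3000-byte flight (20x amplification towards the victim, plus the CPU spent on a certificate-based handshake it will never complete), while the patched server answers with a 60-byte HelloVerifyRequest that only the real address owner can turn into a full handshake. Setting the threshold to 0 has the same effect on the vulnerable model, which is the page's stated condition for the misbehavior and a reasonable mitigation on unpatched versions.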
Weakness Type
Incorrect Behavior Order: Early Amplification (CWE-408)
The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place. Here the expensive operation is the certificate-based full handshake, and the missing step is the HelloVerifyRequest cookie exchange that would first verify the peer's source address.
Products Associated with CVE-2022-2576
Affected Versions
The Eclipse Foundation Eclipse Californium:
- Versions 2.0.0 up to and including 2.7.2 are affected.
- Versions 3.0.0 up to and including 3.5.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.