CVE-2020-27222

In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.
References
Link Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=570844 Permissions Required Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:eclipse:californium:*:*:*:*:*:*:*:*

Information

Published : 2021-02-03 04:15

Updated : 2021-02-09 03:21


NVD link : CVE-2020-27222

Mitre link : CVE-2020-27222

Products Affected
No products.