CVE-2020-27222

Uncontrolled Resource Consumption in maven/org.eclipse.californium/californium-core

Identifier

CVE-2020-27222

Package Slug

maven/org.eclipse.californium/californium-core

Vulnerability

Uncontrolled Resource Consumption

Description

In Eclipse Californium versions 2.3.0 to 2.6.0, certificate-based (x509 and RPK) DTLS handshakes accidentally fail because the DTLS server side remains stuck in a wrong internal state. That wrong internal state is set by a previous certificate-based DTLS handshake that failed with a TLS parameter mismatch. The DTLS server side must be restarted to recover from this.

Affected Versions

All versions starting from 2.3.0 up to 2.6.0

Solution

Upgrade to version 2.6.1 or above.

Last Modified

2021-02-10
