Vulnerability in The Eclipse Foundation Californium
CVE-2020-27222
In Eclipse Californium versions 2.3.0 to 2.6.0, certificate-based (x509 and RPK) DTLS handshakes accidentally fail, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certifica…
EPSS: 0.002 (45.5th percentile)
Affected products
- The Eclipse Foundation Californium — versions [2.3.0, 2.6.0]
Weakness classification (CWE)
Public proof-of-concept exploits
References
- bugs.eclipse.org/bugs/show_bug.cgi (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2020-27222?
- CVE-2020-27222 is a vulnerability in The Eclipse Foundation Californium, classified under CWE-372. Published 2021-02-03.
- Is CVE-2020-27222 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.