Vulnerability in The Eclipse Foundation Californium
CVE-2022-2576
In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0 to 3.5.0, a DTLS resumption handshake falls back to a full DTLS handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher sui…
EPSS: 0.002 (42.4th percentile)
Affected products
- The Eclipse Foundation Californium — versions 2.0.0, unspecified, 3.0.0
Weakness classification (CWE)
References
- bugs.eclipse.org/580018 (x_refsource_CONFIRM)