CVE-2020-27222
PUBLISHED
CVSS 7.5 HIGH
In Eclipse Californium versions 2.3.0 to 2.6.0, certificate-based (x509 and RPK) DTLS handshakes accidentally fail because it sticks to a wrong internal state. That wrong internal state is set by a previous certificate-based DTLS handshake failure with a TLS parameter mismatch. The server must be restarted to recover from this. This allows clients to force a DoS.
EPSS 0.23% · 45.5th percentile
Risk Scores
- CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
- EPSS Score: 0.23% (45.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| eclipse | californium | 2.3.0 |
| The Eclipse Foundation | Eclipse Californium | * |
Exploit Intelligence
- CIRCL seen: CVE-2020-27222 (circl-sighting)
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=570844 (circl)
Timeline
- Feb 3, 2021 CVE Published
- Feb 3, 2021 PoC Published
- Feb 9, 2021 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score