Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-39368

Published: 10/11/2022 Updated: 17/11/2022
CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Californium

Vulnerability Summary

Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions before 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. It generally affects client and server as well. This issue is patched in version 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

eclipse californium

Vendor Advisories

Red Hat: Important: Red Hat Integration Camel K 1.10.1 release security update
Synopsis Important: Red Hat Integration Camel K 1101 release security update Type/Severity Security Advisory: Important Topic Red Hat Integration Camel K 1101 release and security update is now available The purpose of this text-only errata is to inform you about the security issues fixed Red Hat Product Security has rated this update a ...
Red Hat:
Description<!---->A flaw was found in the Eclipse Californium Scandium package This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service An attacker could submit a high quantity of server requests, leaving the server unable t ...

References

CWE-404CWE-459https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjghttps://github.com/eclipse-californium/californium/commit/5648a0c27c2c2667c98419254557a14bac2b1f3fhttps://github.com/eclipse-californium/californium/commit/726bac57659410da463dcf404b3e79a7312ac0b9https://access.redhat.com/errata/RHSA-2023:3906https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2022-39368
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook