ID

VAR-202207-2077


CVE

CVE-2022-2576


TITLE

Vulnerability in Eclipse Foundation Californium

Trust: 0.8

sources: JVNDB: JVNDB-2022-014167

DESCRIPTION

In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0 to 3.5.0, a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially when used with certificate-based cipher suites, this results in message amplification (DDoS against other peers) and high CPU load (DoS of the own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0. Eclipse Foundation Californium contains an unspecified vulnerability. It may result in a service operation interruption (DoS) state. Eclipse Californium is a Java-based code library from the Eclipse Foundation that provides CoAP backend support for the Internet of Things. Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0 to 3.5.0 have a security vulnerability because the DTLS stack is vulnerable to denial-of-service attacks.

Trust: 2.25

sources: NVD: CVE-2022-2576 // JVNDB: JVNDB-2022-014167 // CNNVD: CNNVD-202207-2765 // VULMON: CVE-2022-2576

AFFECTED PRODUCTS

vendor: eclipse, model: californium, scope: lte, version: 2.7.2

Trust: 1.0

vendor: eclipse, model: californium, scope: gte, version: 3.0.0

Trust: 1.0

vendor: eclipse, model: californium, scope: lte, version: 3.5.0

Trust: 1.0

vendor: eclipse, model: californium, scope: gte, version: 2.0.0

Trust: 1.0

vendor: eclipse, model: californium, scope: -, version: -

Trust: 0.8

vendor: eclipse, model: californium, scope: eq, version: 2.0.0 to 2.7.2

Trust: 0.8

vendor: eclipse, model: californium, scope: eq, version: 3.0.0 to 3.5.0

Trust: 0.8

vendor: eclipse, model: californium, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-014167 // NVD: CVE-2022-2576

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-2576
value: HIGH

Trust: 1.0

NVD: CVE-2022-2576
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202207-2765
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-2576
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-2576
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-014167 // CNNVD: CNNVD-202207-2765 // NVD: CVE-2022-2576

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-408

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-014167 // NVD: CVE-2022-2576

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2765

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-2765

PATCH

title: Eclipse Californium Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203351

Trust: 0.6

sources: CNNVD: CNNVD-202207-2765

EXTERNAL IDS

db: NVD, id: CVE-2022-2576

Trust: 3.3

db: JVNDB, id: JVNDB-2022-014167

Trust: 0.8

db: CNNVD, id: CNNVD-202207-2765

Trust: 0.6

db: VULMON, id: CVE-2022-2576

Trust: 0.1

sources: VULMON: CVE-2022-2576 // JVNDB: JVNDB-2022-014167 // CNNVD: CNNVD-202207-2765 // NVD: CVE-2022-2576

REFERENCES

url:https://bugs.eclipse.org/580018

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-2576

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-2576/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-2576 // JVNDB: JVNDB-2022-014167 // CNNVD: CNNVD-202207-2765 // NVD: CVE-2022-2576

SOURCES

db: VULMON, id: CVE-2022-2576
db: JVNDB, id: JVNDB-2022-014167
db: CNNVD, id: CNNVD-202207-2765
db: NVD, id: CVE-2022-2576

LAST UPDATE DATE

2024-08-14T14:49:41.440000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-2576, date: 2022-07-29T00:00:00
db: JVNDB, id: JVNDB-2022-014167, date: 2023-09-14T08:14:00
db: CNNVD, id: CNNVD-202207-2765, date: 2022-08-10T00:00:00
db: NVD, id: CVE-2022-2576, date: 2022-08-05T16:13:48.700

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-2576, date: 2022-07-29T00:00:00
db: JVNDB, id: JVNDB-2022-014167, date: 2023-09-14T00:00:00
db: CNNVD, id: CNNVD-202207-2765, date: 2022-07-29T00:00:00
db: NVD, id: CVE-2022-2576, date: 2022-07-29T14:15:08.177