VYPR

Maven package

org.eclipse.californium/californium-core

pkg:maven/org.eclipse.californium/californium-core

Vulnerabilities (1)

  • CVE-2022-2576Jul 29, 2022
    affected >= 2.0.0, < 2.7.3fixed 2.7.3

    In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplificatio