VYPR

Californium

by Eclipse

Source repositories

CVEs (4)

  • CVE-2022-39368Nov 9, 2022
    risk 0.00cvss epss 0.01

    Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the…

  • CVE-2022-2576Jul 29, 2022
    risk 0.00cvss epss 0.01

    In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message…

  • CVE-2021-34433Aug 20, 2021
    risk 0.00cvss epss 0.00

    In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based (x509 and RPK) DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's…

  • CVE-2020-27222Feb 3, 2021
    risk 0.00cvss epss 0.01

    In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS…