CVE-2022-2576 - Vulnerability Details - OpenCVE

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00204.

Key SSVC decision points have not yet been added.

Vendors	Products
Eclipse	Californium

Configuration 1 [-]

OR	cpe:2.3:a:eclipse:californium::::::::
	cpe:2.3:a:eclipse:californium::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-6404	In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.
Github GHSA	GHSA-qq3j-44gw-cf6r	Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://bugs.eclipse.org/580018

History

No history.

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2022-07-29T13:20:10

Updated: 2024-08-03T00:39:08.153Z

Reserved: 2022-07-29T00:00:00

Link: CVE-2022-2576

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-29T14:15:08.177

Modified: 2024-11-21T07:01:16.637

Link: CVE-2022-2576

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Eclipse Californium", "vendor": "The Eclipse Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.0.0", "versionType": "custom"}, {"lessThanOrEqual": "2.7.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "3.0.0", "versionType": "custom"}, {"lessThanOrEqual": "3.5.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-408", "description": "CWE-408: Incorrect Behavior Order: Early Amplification", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-29T13:20:10", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/580018"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2022-2576", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Californium", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.0.0"}, {"version_affected": "<=", "version_value": "2.7.2"}, {"version_affected": ">=", "version_value": "3.0.0"}, {"version_affected": "<=", "version_value": "3.5.0"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-408: Incorrect Behavior Order: Early Amplification"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/580018", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/580018"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:08.153Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/580018"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2022-2576", "datePublished": "2022-07-29T13:20:10", "dateReserved": "2022-07-29T00:00:00", "dateUpdated": "2024-08-03T00:39:08.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:californium:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7FB01D5-BA10-4357-9F61-F56D244CA986", "versionEndIncluding": "2.7.2", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:californium:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C28E170-E7E3-4E2D-9A4F-E65EF4F81678", "versionEndIncluding": "3.5.0", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0."}, {"lang": "es", "value": "En Eclipse Californium versiones 2.0.0 a 2.7.2 y 3.0.0-3.5.0, un handshake de reanudaci\u00f3n DTLS retrocede a un handshake completo DTLS en caso de desajuste de par\u00e1metros sin usar un HelloVerifyRequest. Especialmente, si es usado con suites de cifrado basadas en certificados, eso resulta en una amplificaci\u00f3n de mensajes (DDoS otros pares) y alta carga de CPU (DoS propio par). El comportamiento inapropiado ocurre s\u00f3lo con valores de DTLS_VERIFY_PEERS_ON_THRESHOLD mayores que 0"}], "id": "CVE-2022-2576", "lastModified": "2024-11-21T07:01:16.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-29T14:15:08.177", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/580018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/580018"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-408"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}