cvelist/2022/2xxx/CVE-2022-2576.json

{
  "data_type": "CVE",
  "data_format": "MITRE",
  "data_version": "4.0",
  "CVE_data_meta": {
      "ID": "CVE-2022-2576",
      "ASSIGNER": "security@eclipse.org",
      "STATE": "PUBLIC"
  },
  "affects": {
      "vendor": {
          "vendor_data": [
              {
                  "vendor_name": "The Eclipse Foundation",
                  "product": {
                      "product_data": [
                          {
                              "product_name": "Eclipse Californium",
                              "version": {
                                  "version_data": [
                                      {
                                          "version_affected": ">=",
                                          "version_value": "2.0.0"
                                      },
                                      {
                                          "version_affected": "<=",
                                          "version_value": "2.7.2"
                                      },
                                      {
                                          "version_affected": ">=",
                                          "version_value": "3.0.0"
                                      },
                                      {
                                          "version_affected": "<=",
                                          "version_value": "3.5.0"
                                      }
                                  ]
                              }
                          }
                      ]
                  }
              }
          ]
      }
  },
  "description": {
      "description_data": [
          {
              "lang": "eng",
              "value": "In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0."
          }
      ]
  },
  "problemtype": {
      "problemtype_data": [
          {
              "description": [
                  {
                      "lang": "eng",
                      "value": "CWE-408: Incorrect Behavior Order: Early Amplification"
                  }
              ]
          }
      ]
  },
  "references": {
      "reference_data": [
          {
              "name": "https://bugs.eclipse.org/580018",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/580018"
          }
      ]
  }
}
"-Synchronized-Data." 2022-07-29 12:00:47 +00:00			`{`
CVE-2022-2576 Signed-off-by: Mikaël Barbero <mikael.barbero@eclipse-foundation.org> 2022-07-29 14:05:16 +02:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2022-2576",`
			`"ASSIGNER": "security@eclipse.org",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "The Eclipse Foundation",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Eclipse Californium",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": ">=",`
			`"version_value": "2.0.0"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_value": "2.7.2"`
			`},`
			`{`
			`"version_affected": ">=",`
			`"version_value": "3.0.0"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_value": "3.5.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-408: Incorrect Behavior Order: Early Amplification"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://bugs.eclipse.org/580018",`
			`"refsource": "CONFIRM",`
			`"url": "https://bugs.eclipse.org/580018"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2022-07-29 12:00:47 +00:00			`}`