CVE-2022-2576 - Vulnerability Details - OpenCVE

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eclipse	Californium

Configuration 1 [-]

OR	cpe:2.3:a:eclipse:californium::::::::
	cpe:2.3:a:eclipse:californium::::::::

No data.

References

Link	Providers
https://bugs.eclipse.org/580018

History

No history.

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2022-07-29T13:20:10

Updated: 2024-08-03T00:39:08.153Z

Reserved: 2022-07-29T00:00:00

Link: CVE-2022-2576

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-29T14:15:08.177

Modified: 2024-11-21T07:01:16.637

Link: CVE-2022-2576

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Eclipse Californium", "vendor": "The Eclipse Foundation", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "2.0.0", "versionType": "custom"}, {"lessThanOrEqual": "2.7.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "3.0.0", "versionType": "custom"}, {"lessThanOrEqual": "3.5.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-408", "description": "CWE-408: Incorrect Behavior Order: Early Amplification", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-29T13:20:10", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/580018"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2022-2576", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Californium", "version": {"version_data": [{"version_affected": ">=", "version_value": "2.0.0"}, {"version_affected": "<=", "version_value": "2.7.2"}, {"version_affected": ">=", "version_value": "3.0.0"}, {"version_affected": "<=", "version_value": "3.5.0"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-408: Incorrect Behavior Order: Early Amplification"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/580018", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/580018"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:39:08.153Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/580018"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2022-2576", "datePublished": "2022-07-29T13:20:10", "dateReserved": "2022-07-29T00:00:00", "dateUpdated": "2024-08-03T00:39:08.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:californium:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7FB01D5-BA10-4357-9F61-F56D244CA986", "versionEndIncluding": "2.7.2", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:californium:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C28E170-E7E3-4E2D-9A4F-E65EF4F81678", "versionEndIncluding": "3.5.0", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0."}, {"lang": "es", "value": "En Eclipse Californium versiones 2.0.0 a 2.7.2 y 3.0.0-3.5.0, un handshake de reanudaci\u00f3n DTLS retrocede a un handshake completo DTLS en caso de desajuste de par\u00e1metros sin usar un HelloVerifyRequest. Especialmente, si es usado con suites de cifrado basadas en certificados, eso resulta en una amplificaci\u00f3n de mensajes (DDoS otros pares) y alta carga de CPU (DoS propio par). El comportamiento inapropiado ocurre s\u00f3lo con valores de DTLS_VERIFY_PEERS_ON_THRESHOLD mayores que 0"}], "id": "CVE-2022-2576", "lastModified": "2024-11-21T07:01:16.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-29T14:15:08.177", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/580018"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/580018"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-408"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}