29 matches found
EUVD-2021-21089
Malware in sbrugna...
EUVD-2020-19737
Malware in sbrugna...
EUVD-2022-7396
Malicious code in bioql PyPI...
EUVD-2022-6404
Malicious code in bioql PyPI...
CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...
CVE-2021-34433
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based x509 and RPK DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange...
scandium: Failing DTLS handshakes may cause throttling to block processing of records
A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server...
CVE-2022-39368
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...
Design/Logic Flaw
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...
Eclipse Californium 安全漏洞
Eclipse Californium is a Java-based codebase from the Eclipse Foundation that provides Coap backend support for the Internet of Things. A security vulnerability exists in Eclipse Californium versions prior to 3.7.0 and 2.7.4, which stems from a handshake that does not clean up PSKs that fail the...
CVE-2022-39368
CVE-2022-39368 affects Eclipse Californium (Java CoAP) versions prior to 3.7.0 and 2.7.4. The root cause is that failing DTLS handshakes do not clean up throttling counters, allowing the threshold to be reached and never released, which can lead to a denial of service by permanently dropping reco...
CVE-2022-39368 Californium Failing DTLS handshakes causes Data Loss due to throttling blocking processing of records
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...
CVE-2022-39368 Californium Failing DTLS handshakes causes Data Loss due to throttling blocking processing of records
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...
Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch
In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other pee...
GHSA-QQ3J-44GW-CF6R Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch
In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other pee...
CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...
CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...
Design/Logic Flaw
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...
CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...
Eclipse Californium 安全漏洞
Eclipse Californium is a Java-based codebase from the Eclipse Foundation that provides Coap backend support for the Internet of Things. A security vulnerability exists in Eclipse Californium versions 2.0.0 through 2.7.2 and 3.0.0 through 3.5.0, which stems from the vulnerability of the DTLS stack...