2 matches found
io.github.xiaomisum:ryze-coap (=6.1.0), org.apache.camel.karaf:camel-coap (>=4.7.0 <=4.18.2) +34 more potentially affected by CVE-2022-2576 via org.eclipse.californium:californium-core (>=3.0.0 <=3.5.0)
org.eclipse.californium:californium-core MAVEN version =3.0.0, =4.7.0, =3.8.0, =3.8.0, =3.8.0, =4.4.0, =4.4.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.12.0, =2.0.0, =2.0.0-M6, =2.0.0-M15 and more Source cves: CVE-2022-2576 Source advisory: OSV:GHSA-QQ3J-44GW-CF6R...
CVE-2022-2576
In Eclipse Californium, CVE-2022-2576 affects versions 2.0.0–2.7.2 and 3.0.0–3.5.0. The DTLS resumption handshake can fall back to a full DTLS handshake on parameter mismatch without a HelloVerifyRequest, which, when used with certificate-based cipher suites, enables message amplification that ca...