9 matches found
scandium: Failing DTLS handshakes may cause throttling to block processing of records
A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server...
Important: Red Hat Security Advisory: Red Hat Integration Camel K 1.10.1 release security update
Red Hat Integration Camel K 1.10.1 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A security update for Camel K 1.10.1 is now...
scandium: Failing DTLS handshakes may cause throttling to block processing of records
A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server...
CVE-2022-39368
A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server...
Denial Of Service (DoS)
Scandium Sc Core is vulnerable to Denial of Service (DoS). The vulnerability exists due to the improper resetting of the pending inbound jobs counter after failing handshakes, which triggers incorrect throttling behavior resulting in permanent records dropped...
org.apache.camel.karaf:camel-coap (>=4.7.0 <=4.18.2), org.apache.camel.quarkus:camel-quarkus-coap (>=3.8.0 <=3.36.0) +32 more potentially affected by CVE-2022-39368 via org.eclipse.californium:scandium (>=3.0.0 <=3.6.0)
org.eclipse.californium:scandium MAVEN version =3.0.0, =4.7.0, =3.8.0, =3.8.0, =3.8.0, =4.4.0, =4.4.0, =3.0.0, =3.0.0, =3.0.0, =3.12.0, =2.0.0, =2.0.0-M6, =2.0.0-M6, =2.0.0-M6, =2.0.0-M6, =2.0.0-M15 and more Source cves: CVE-2022-39368 Source advisory: OSV:GHSA-P72G-CGH9-GHJG...
org.apache.camel.quarkus:camel-quarkus-coap (>=2.13.1 <=2.15.0), org.apache.camel.quarkus:camel-quarkus-coap-deployment (>=2.13.1 <=2.15.0) +16 more potentially affected by CVE-2022-39368 via org.eclipse.californium:scandium (>=2.7.0 <=2.7.3)
org.eclipse.californium:scandium MAVEN version =2.7.0, =2.13.1, =2.13.1, =2.13.1, =3.18.3, =3.18.3, =2.7.0, =2.7.0, =2.7.0, =1.10.1, =1.10.1, =1.10.1, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.1 and more Source cves: CVE-2022-39368 Source advisory: OSV:GHSA-P72G-CGH9-GHJG...
Denial Of Service
Scandium is vulnerable to Denial of Service. The DTLS stack is not implemented correctly, leading to an amplification attack using resumption handshakes...
Denial Of Service (DoS)
scandium is vulnerable to denial of service. Failing to negotiate TLS parameters for a certificate-based DTLS handshake causes future certificate-based handshakes to fail until a restart...