Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0 to 3.5.0, a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially when used with certificate-based cipher suites, this results in message amplification (DDoS of other peers) and high CPU load (DoS of the own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.
CVSS Information
N/A
Vulnerability Type
Incorrect Behavior Order: Early Amplification
Vulnerability Title
Eclipse Californium Security Vulnerability
Vulnerability Description
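Eclipse Californium is a Java-based code library from the Eclipse Foundation that provides CoAP backend support for the Internet of Things. Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0 to 3.5.0 contain a security vulnerability that stems from the DTLS stack being susceptible to denial-of-service attacks.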
CVSS Information
N/A
Vulnerability Type
N/A