CVE-2020-27222: Uncontrolled Resource Consumption

February 3, 2021 (updated February 9, 2021)

In Eclipse Californium to, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=570844
nvd.nist.gov/vuln/detail/CVE-2020-27222

Code Behaviors & Features

Detect and mitigate CVE-2020-27222 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →