Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-wfcg-xg9m-fp2f

GitHub Security Advisory

⚠ Unreviewed HIGH Has CVE
View on GitHub

Advisory Details

In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because it sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshakes failure with TLS parameter mismatch. The server must be restarted to recover this. This allow clients to force a DoS.

Related CVEs

CVE-2020-27222

Key Information

GHSA ID
GHSA-wfcg-xg9m-fp2f
Published
May 24, 2022 5:40 PM
Last Modified
May 24, 2022 5:40 PM
CVSS Score
7.5 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.