How severe is CVE-2020-27222?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-27222?

This is classified as CWE-372, which is a common weakness in software security.

CVE-2020-27222 - HIGH Severity | CVSS 7.5

Vulnerability Description

In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS.

Related Vulnerabilities

CVE-2023-4012

HIGH

CVSS:7.5(High)

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).

CWE-3722023

CVE-2021-25735

MEDIUM

CVSS:6.5(Medium)

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admi...

CWE-3722021

CVE-2023-36834

MEDIUM

CVSS:6.5(Medium)

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial ...

CWE-3722023

CVE-2024-22590

CRITICAL

CVSS:9.1(Critical)

The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connectio...

CWE-3722024

CVE-2024-22590

CRITICAL

CVSS:9.1(Critical)

CWE-3722024

CVE-2023-4012

HIGH

CVSS:7.5(High)

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).

CWE-3722023