GHSA-p72g-cgh9-ghjg · 深刻度: high · エコシステム: maven — Failing DTLS handshakes may cause throttling to block processing of records
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached without being released again. This results in permanently dropping records. The issue was reported for certificate based handshakes, but may also affect PSK based handshakes. It generally affects client and server as well. This issue is patched in version 3.7.0 and 2.7.4. There are no known workarounds. main: commit 726bac57659410da463dcf404b3e79a7312ac0b9 2.7.x: commit 5648a0c27c2c2667c98419254557a14bac2b1f3f
総合評価: CVE-2022-39368 は中リスク(47.8/100)。CVSS 深刻度は高。悪用される可能性が高い(EPSS 0.55%、42 パーセンタイル) 推奨対応: 影響資産を整理し、修補計画に組み込んでください。
リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。
EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。
| # | 日付 | 旧 EPSS スコア | 新 EPSS スコア | Δ(新 − 旧) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.10% | 0.55% | +0.45% |
| 2 | 2025-11-21 | 0.27% | 0.10% | -0.17% |
| 3 | 2025-11-18 | — | 0.27% | — |
EPSS の全履歴 (全 7 件)
この CVE の CVSS 指標。
| ベーススコア | バージョン | 深刻度 | ベクトル | 悪用しやすさ | 影響 | スコアの出典 |
|---|---|---|---|---|---|---|
| 8.2 | 3.1 | HIGH |
|
3.9 | 4.2 | [email protected] |
| 8.2 | 3.1 | HIGH |
|
3.9 | 4.2 | [email protected] |
GHSA-p72g-cgh9-ghjg · 深刻度: high · エコシステム: maven — Failing DTLS handshakes may cause throttling to block processing of records
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2022-39368 |
| ベンダー | 製品 | バージョン | 生の CPE |
|---|---|---|---|
| eclipse | californium | < 2.7.4 | cpe:2.3:a:eclipse:californium:*:*:*:*:*:*:*:* |
| eclipse | californium | >= 3.0.0, < 3.7.0 | cpe:2.3:a:eclipse:californium:*:*:*:*:*:*:*:* |
| URL | タグ |
|---|---|
| https://github.com/eclipse-californium/californium/commit/5648a0c27c2c2667c98419254557a14bac2b1f3f | Patch Third Party Advisory |
| https://github.com/eclipse-californium/californium/commit/726bac57659410da463dcf404b3e79a7312ac0b9 | Patch Third Party Advisory |
| https://github.com/eclipse-californium/californium/security/advisories/GHSA-p72g-cgh9-ghjg | Patch Third Party Advisory |