Aug 20, 2021 - 5:10 p.m.

CVE-2021-34433

2021-08-20 17:10:10
CWE-322
eclipse
www.cve.org

EPSS: 0.001 Low

Percentile: 33.0%

In Eclipse Californium versions 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, certificate-based (x509 and RPK) DTLS handshakes accidentally succeed without the client verifying the server's signature, if that signature is not included in the server's ServerKeyExchange.

CNA Affected

[
  {
    "product": "Eclipse Californium",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "2.6.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "3.0.0-M1",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "3.0.0-M3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
