CVE-2022-2576: 
Java vulnerability analysis and mitigation

In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0-3.5.0, a DTLS resumption handshake vulnerability was discovered where the system falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. This vulnerability was assigned CVE-2022-2576 and affects the DTLS 1.2 protocol implementation. The issue specifically occurs when DTLSVERIFYPEERSONRESUMPTION_THRESHOLD values are set larger than 0 (Eclipse Bug).

The vulnerability stems from an incorrect behavior order in the DTLS handshake process. When the server receives a ClientHello message with a valid Session ID, it responds directly with ServerHello, ChangeCipherSpec, and Finished messages without performing a stateless cookie exchange during session resumption. This particularly affects scenarios involving certificate-based cipher suites. The vulnerability has been classified under CWE-408 (Incorrect Behavior Order: Early Amplification) and received a CVSS v3.1 Base Score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (NVD Database).

The vulnerability can result in two primary security impacts: message amplification that can be used for DDoS attacks against other peers, and high CPU load leading to DoS conditions on the affected server itself. This is particularly severe when used with certificate-based cipher suites (Eclipse Bug).

The issue has been fixed in Eclipse Californium versions 2.7.3 and 3.6.0. As a workaround for affected versions, users can set DTLSVERIFYPEERSONRESUMPTION_THRESHOLD to 0, which ensures that HelloVerifyRequest is always used. The permanent fix ensures that HelloVerifyRequest is always used when falling back to a full handshake (Eclipse Bug).