CVE-2021-42146

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).
References
Link Resource
https://seclists.org/fulldisclosure/2024/Jan/19 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:*:*:*:*:*:*:*

History

01 Feb 2024, 20:16

Type Values Removed Values Added
First Time Contiki-ng
Contiki-ng tinydtls
CWE CWE-755
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://seclists.org/fulldisclosure/2024/Jan/19 - () https://seclists.org/fulldisclosure/2024/Jan/19 - Mailing List, Third Party Advisory
CPE cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:*:*:*:*:*:*:*

24 Jan 2024, 19:43

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-24 19:15

Updated : 2024-02-28 20:54


NVD link : CVE-2021-42146

Mitre link : CVE-2021-42146

CVE.ORG link : CVE-2021-42146


JSON object : View

Products Affected

contiki-ng

  • tinydtls
CWE
CWE-755

Improper Handling of Exceptional Conditions