An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC 6347. This vulnerability allows remote attackers to obtain sensitive application data of connected clients.
References
Link | Resource |
---|---|
https://seclists.org/fulldisclosure/2024/Jan/19 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2024/Jan/19 | |
History
21 Nov 2024, 06:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://seclists.org/fulldisclosure/2024/Jan/19 - Mailing List, Third Party Advisory |
01 Feb 2024, 20:16
Type | Values Removed | Values Added |
---|---|---|
First Time | Contiki-ng, Contiki-ng tinydtls | |
CWE | CWE-755 | |
CPE | cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.5 |
References | () https://seclists.org/fulldisclosure/2024/Jan/19 - Mailing List, Third Party Advisory |
24 Jan 2024, 19:43
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-24 19:15
Updated : 2024-11-21 06:27
NVD link : CVE-2021-42146
Mitre link : CVE-2021-42146
CVE.ORG link : CVE-2021-42146
Products Affected
contiki-ng
- tinydtls
CWE
CWE-755
Improper Handling of Exceptional Conditions