CVE-2021-42146

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:*:*:*:*:*:*:*

History

21 Nov 2024, 06:27

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jan/19 -
References () https://seclists.org/fulldisclosure/2024/Jan/19 - Mailing List, Third Party Advisory () https://seclists.org/fulldisclosure/2024/Jan/19 - Mailing List, Third Party Advisory

01 Feb 2024, 20:16

Type Values Removed Values Added
First Time Contiki-ng
Contiki-ng tinydtls
CWE CWE-755
CPE cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://seclists.org/fulldisclosure/2024/Jan/19 - () https://seclists.org/fulldisclosure/2024/Jan/19 - Mailing List, Third Party Advisory

24 Jan 2024, 19:43

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-24 19:15

Updated : 2024-11-21 06:27


NVD link : CVE-2021-42146

Mitre link : CVE-2021-42146

CVE.ORG link : CVE-2021-42146


JSON object : View

Products Affected

contiki-ng

  • tinydtls
CWE
CWE-755

Improper Handling of Exceptional Conditions