Lucene search

[email protected]NVD:CVE-2021-42147

HistoryJan 24, 2024 - 7:15 p.m.

CVE-2021-42147

2024-01-2419:15:08

CWE-125

[email protected]

web.nvd.nist.gov

cve-2021-42147

buffer over-read

contiki-ng

tinydtls

denial of service

crafted data packet

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

48.6%

JSON

Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet.

Affected configurations

Nvd

Node

contiki-ngtinydtlsMatch2018-08-30

VendorProductVersionCPE
contiki-ngtinydtls2018-08-30cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
contiki-ng	tinydtls	2018-08-30	cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:::::::*

References

seclists.org/fulldisclosure/2024/Jan/20

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

48.6%

JSON

Related for NVD:CVE-2021-42147

cve1 cvelist1 prion1