63 matches found
CVE-2021-42143
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length o...
PT-2024-11022 · Unknown · Contiki-Ng
Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS versions through master branch 53a0d97 Description: The issue allows attackers to obtain sensitive information via crafted input to the dtls ccm decrypt message function. Recommendations: For Contiki-NG tinyDTLS versions...
PT-2024-11024 · Unknown · Contiki-Ng
Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS through master branch 53a0d97 Description: An issue was discovered in DTLS servers, allowing remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347...
PT-2024-11023 · Unknown · Contiki-Ng Tinydtls
Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS through master branch 53a0d97 Description: An assertion failure in the check certificate request function allows attackers to cause a denial of service. This issue affects Contiki-NG tinyDTLS, enabling attackers to exploit...
CVE-2021-42147
Buffer over-read vulnerability in the dtlssha256update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet...
CVE-2021-42146
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive...
CVE-2021-42144
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtlsccmdecryptmessage...
CVE-2021-42144
Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtlsccmdecryptmessage...
CVE-2021-42143
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length o...
CVE-2021-42147
The CVE-2021-42147 entry concerns a buffer over-read in Contiki-NG tinyDTLS (dtls_sha256_update) affecting master branch 53a0d97, enabling a remote attacker to cause a denial of service via crafted data packets. Connected sources corroborate the issue in Contiki-NG tinyDTLS and describe the vulne...
CVE-2021-42145
CVE-2021-42145 affects Contiki-NG tinyDTLS in the master branch (commit 53a0d97). An assertion failure in check_certificate_request() can cause a denial of service. Documented impact is a high-severity network-root cause (CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 7.5). Affected so...
CVE-2021-42143
CVE-2021-42143 affects Contiki-NG tinyDTLS (master branch 53a0d97). Affected: tinyDTLS handshake processing where an odd-length ClientHello cipher suites list can trigger an infinite loop, causing denial of service and a buffer over-read that may leak sensitive data. Impact: remote network attack...
CVE-2021-42144
Contiki-NG tinyDTLS (master branch commit 53a0d97) suffers a buffer over-read via crafted input to dtls_ccm_decrypt_message(), exposing sensitive data. Documented in CVE-2021-42144; no patch version or remediation detail provided in the connected sources. Exploit status not specified.
CVE-2021-42146
Contiki-NG tinyDTLS (master branch 53a0d97) contains a DTLS server issue where an attacker can reuse the same epoch number within two times the TCP maximum segment lifetime (RFC6347). This allows remote access to sensitive application data of connected clients. Affected component: DTLS server in ...
CVE-2021-42147
Buffer over-read vulnerability in the dtlssha256update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet...
CVE-2021-42142
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops...
CVE-2021-42142
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops...
Code injection
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops...
CVE-2021-42142
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops...
CVE-2021-42142
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops...