An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.
References
Link | Resource |
---|---|
https://github.com/contiki-ng/tinydtls/issues/24 | Issue Tracking Patch |
https://seclists.org/fulldisclosure/2024/Jan/15 | Mailing List Third Party Advisory |
Configurations
History
21 Oct 2024, 11:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 |
31 Jan 2024, 14:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-755 | |
CPE | cpe:2.3:a:contiki-ng:tinydtls:*:*:*:*:*:*:*:* | |
References | () https://github.com/contiki-ng/tinydtls/issues/24 - Issue Tracking, Patch | |
References | () https://seclists.org/fulldisclosure/2024/Jan/15 - Mailing List, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
23 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-23 22:15
Updated : 2024-10-21 11:35
NVD link : CVE-2021-42142
Mitre link : CVE-2021-42142
CVE.ORG link : CVE-2021-42142
JSON object : View
Products Affected
contiki-ng
- tinydtls