CVE-2021-42146

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).
References
Link Resource
https://seclists.org/fulldisclosure/2024/Jan/19 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:contiki-ng:tinydtls:2018-08-30:*:*:*:*:*:*:*

History

24 Jan 2024, 19:43

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-24 19:15

Updated : 2024-02-01 20:16


NVD link : CVE-2021-42146

Mitre link : CVE-2021-42146

CVE.ORG link : CVE-2021-42146


JSON object : View

Products Affected

contiki-ng

  • tinydtls
CWE
CWE-755

Improper Handling of Exceptional Conditions