Page 2 of 53 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. Un error de aserción descubierto en check_certificate_request() en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes provocar una denegación de servicio. • https://seclists.org/fulldisclosure/2024/Jan/18 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). Vulnerabilidad de lectura excesiva del búfer en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes obtener información confidencial a través de entradas manipuladas en dtls_ccm_decrypt_message(). • https://seclists.org/fulldisclosure/2024/Jan/17 • CWE-125: Out-of-bounds Read •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Existe un error de bucle infinito durante el manejo de un mensaje de protocolo de enlace ClientHello. • https://seclists.org/fulldisclosure/2024/Jan/16 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Los servidores DTLS manejan mal el uso inicial de un número de época grande. • https://github.com/contiki-ng/tinydtls/issues/24 https://seclists.org/fulldisclosure/2024/Jan/15 • CWE-755: Improper Handling of Exceptional Conditions CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service. Se descubrió un problema en Contiki-NG tinyDTLS hasta el 30 de agosto de 2018. Un protocolo de enlace incorrecto podría completarse con diferentes números de época en los paquetes Client_Hello, Client_key_exchange y Change_cipher_spec, lo que puede provocar una denegación de servicio. • http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html https://github.com/contiki-ng/tinydtls/issues/27 https://seclists.org/fulldisclosure/2024/Jan/14 • CWE-755: Improper Handling of Exceptional Conditions •