CVE-2021-42141
https://notcve.org/view.php?id=CVE-2021-42141
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.
• http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html
• https://github.com/contiki-ng/tinydtls/issues/27
• https://seclists.org/fulldisclosure/2024/Jan/14
• CWE-755: Improper Handling of Exceptional Conditions
CVE-2021-34430
https://notcve.org/view.php?id=CVE-2021-34430
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.
• https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803
• CWE-326: Inadequate Encryption Strength
• CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2017-7243
https://notcve.org/view.php?id=CVE-2017-7243
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake.
• http://www.securityfocus.com/bid/97193
• https://gist.github.com/k1rh4/25dcb124aef2a8a2a5f4677d64d1998b
• https://github.com/k1rh4/CVE/blob/master/tinydtls
• CWE-476: NULL Pointer Dereference