CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42141 – Contiki-NG tinyDTLS Denial of Service
https://notcve.org/view.php?id=CVE-2021-42141
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service. Se descubrió un problema en Contiki-NG tinyDTLS hasta el 30 de agosto de 2018. Un protocolo de enlace incorrecto podría completarse con diferentes números de época en los paquetes Client_Hello, Client_key_exchange y Change_cipher_spec, lo que puede provocar una denega... • http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-42142 – Contiki-NG tinyDTLS Denial of Service
https://notcve.org/view.php?id=CVE-2021-42142
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Los servidores DTLS manejan mal el uso inicial de un número de época grande. • https://github.com/contiki-ng/tinydtls/issues/24 • CWE-755: Improper Handling of Exceptional Conditions CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42143 – Contiki-NG tinyDTLS Buffer Over-Read / Denial of Service
https://notcve.org/view.php?id=CVE-2021-42143
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra ... • https://seclists.org/fulldisclosure/2024/Jan/16 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42144 – Contiki-NG tinyDTLS dtls_ccm_decrypt_message() Buffer Overread
https://notcve.org/view.php?id=CVE-2021-42144
18 Jan 2024 — Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). Vulnerabilidad de lectura excesiva del búfer en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes obtener información confidencial a través de entradas manipuladas en dtls_ccm_decrypt_message(). An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. Incorrect handling of over-large... • https://seclists.org/fulldisclosure/2024/Jan/17 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42145 – Contiki-NG tinyDTLS check_certificate_request() Denial of Service
https://notcve.org/view.php?id=CVE-2021-42145
18 Jan 2024 — An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. Un error de aserción descubierto en check_certificate_request() en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes provocar una denegación de servicio. An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpect... • https://seclists.org/fulldisclosure/2024/Jan/18 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42146 – Contiki-NG tinyDTLS Epoch Number Reuse
https://notcve.org/view.php?id=CVE-2021-42146
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients). Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Los servidores DTLS permiten a atacantes remotos reutilizar el mismo número de época dentro de ... • https://seclists.org/fulldisclosure/2024/Jan/19 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42147 – Contiki-NG tinyDTLS Buffer Over-Read / Denial of Service
https://notcve.org/view.php?id=CVE-2021-42147
18 Jan 2024 — Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. Vulnerabilidad de lectura excesiva del búfer en la función dtls_sha256_update en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a atacantes remotos provocar una denegación de servicio a través de un paquete de datos manipulado. An issue was discovered in Contiki-NG tinyDTLS versions through 2018-0... • https://seclists.org/fulldisclosure/2024/Jan/20 • CWE-125: Out-of-bounds Read •