CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42141 – Contiki-NG tinyDTLS Denial of Service
https://notcve.org/view.php?id=CVE-2021-42141
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service. Se descubrió un problema en Contiki-NG tinyDTLS hasta el 30 de agosto de 2018. Un protocolo de enlace incorrecto podría completarse con diferentes números de época en los paquetes Client_Hello, Client_key_exchange y Change_cipher_spec, lo que puede provocar una denega... • http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-42142 – Contiki-NG tinyDTLS Denial of Service
https://notcve.org/view.php?id=CVE-2021-42142
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Los servidores DTLS manejan mal el uso inicial de un número de época grande. • https://github.com/contiki-ng/tinydtls/issues/24 • CWE-755: Improper Handling of Exceptional Conditions CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42143 – Contiki-NG tinyDTLS Buffer Over-Read / Denial of Service
https://notcve.org/view.php?id=CVE-2021-42143
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra ... • https://seclists.org/fulldisclosure/2024/Jan/16 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42145 – Contiki-NG tinyDTLS check_certificate_request() Denial of Service
https://notcve.org/view.php?id=CVE-2021-42145
18 Jan 2024 — An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. Un error de aserción descubierto en check_certificate_request() en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes provocar una denegación de servicio. An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpect... • https://seclists.org/fulldisclosure/2024/Jan/18 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42146 – Contiki-NG tinyDTLS Epoch Number Reuse
https://notcve.org/view.php?id=CVE-2021-42146
18 Jan 2024 — An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients). Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Los servidores DTLS permiten a atacantes remotos reutilizar el mismo número de época dentro de ... • https://seclists.org/fulldisclosure/2024/Jan/19 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42147 – Contiki-NG tinyDTLS Buffer Over-Read / Denial of Service
https://notcve.org/view.php?id=CVE-2021-42147
18 Jan 2024 — Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. Vulnerabilidad de lectura excesiva del búfer en la función dtls_sha256_update en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a atacantes remotos provocar una denegación de servicio a través de un paquete de datos manipulado. An issue was discovered in Contiki-NG tinyDTLS versions through 2018-0... • https://seclists.org/fulldisclosure/2024/Jan/20 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-34430
https://notcve.org/view.php?id=CVE-2021-34430
08 Jul 2021 — Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. Eclipse TinyDTLS versiones hasta 0.9-rc1 se basa en la función rand de la biblioteca C, lo que facilita a atacantes remotos el cálculo de la clave maestra y luego el descifrado del tráfico DTLS • https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803 • CWE-326: Inadequate Encryption Strength CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7243
https://notcve.org/view.php?id=CVE-2017-7243
24 Mar 2017 — Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. Eclipse tinydtls 0.8.2 para Eclipse IoT permite que atacantes remotos causen una denegación de servicio (caída de pares de DTLS) enviando un paquete "Cambiar especificación de cifrado" sin pre-apretón de manos. • http://www.securityfocus.com/bid/97193 • CWE-476: NULL Pointer Dereference •