CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-34430
https://notcve.org/view.php?id=CVE-2021-34430
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. Eclipse TinyDTLS versiones hasta 0.9-rc1 se basa en la función rand de la biblioteca C, lo que facilita a atacantes remotos el cálculo de la clave maestra y luego el descifrado del tráfico DTLS • https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803 • CWE-326: Inadequate Encryption Strength CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7243
https://notcve.org/view.php?id=CVE-2017-7243
Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without pre-handshake. Eclipse tinydtls 0.8.2 para Eclipse IoT permite que atacantes remotos causen una denegación de servicio (caída de pares de DTLS) enviando un paquete "Cambiar especificación de cifrado" sin pre-apretón de manos. • http://www.securityfocus.com/bid/97193 https://gist.github.com/k1rh4/25dcb124aef2a8a2a5f4677d64d1998b https://github.com/k1rh4/CVE/blob/master/tinydtls • CWE-476: NULL Pointer Dereference •