6 results (0.007 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. Un error de aserción descubierto en check_certificate_request() en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97 permite a los atacantes provocar una denegación de servicio. • https://seclists.org/fulldisclosure/2024/Jan/18 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information. Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Existe un error de bucle infinito durante el manejo de un mensaje de protocolo de enlace ClientHello. • https://seclists.org/fulldisclosure/2024/Jan/16 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops. Se descubrió un problema en Contiki-NG tinyDTLS a través de la rama maestra 53a0d97. Los servidores DTLS manejan mal el uso inicial de un número de época grande. • https://github.com/contiki-ng/tinydtls/issues/24 https://seclists.org/fulldisclosure/2024/Jan/15 • CWE-755: Improper Handling of Exceptional Conditions CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service. Se descubrió un problema en Contiki-NG tinyDTLS hasta el 30 de agosto de 2018. Un protocolo de enlace incorrecto podría completarse con diferentes números de época en los paquetes Client_Hello, Client_key_exchange y Change_cipher_spec, lo que puede provocar una denegación de servicio. • http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html https://github.com/contiki-ng/tinydtls/issues/27 https://seclists.org/fulldisclosure/2024/Jan/14 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. Eclipse TinyDTLS versiones hasta 0.9-rc1 se basa en la función rand de la biblioteca C, lo que facilita a atacantes remotos el cálculo de la clave maestra y luego el descifrado del tráfico DTLS • https://bugs.eclipse.org/bugs/show_bug.cgi?id=568803 • CWE-326: Inadequate Encryption Strength CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •