CVE-2021-38311

Published: Aug 9, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption.

Affected (1)

Products: Contiki Os: Contiki

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Contiki Os Contiki	Version 3.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (2)

https://github.com/contiki-os/contiki/issues/2685

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/contiki-os/contiki/issues/2685

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.