CVE-2021-42146

Published: Jan 24, 2024Modified: Jun 20, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).

Affected (1)

Products: Contiki Ng: Tinydtls

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Contiki Ng Tinydtls	Version 2018-08-30

Related CWEs

Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (3)

https://seclists.org/fulldisclosure/2024/Jan/19

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2024/Jan/19

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/fulldisclosure/2024/Jan/19

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.