Tinydtls

tinydtls

Vendor: Contiki Ng • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-42147 1Contiki Ng 1Tinydtls May 30, 2025 Jan 24, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet.
CVE-2021-42146 1Contiki Ng 1Tinydtls Jun 20, 2025 Jan 24, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in R...Show more An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).Show less
CVE-2021-42145 1Contiki Ng 1Tinydtls Jun 20, 2025 Jan 24, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service.
CVE-2021-42143 1Contiki Ng 1Tinydtls Jun 20, 2025 Jan 24, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of serv...Show more An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.Show less
CVE-2021-42142 1Contiki Ng 1Tinydtls Jun 11, 2025 Jan 23, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and fals...Show more An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.Show less
CVE-2021-42141 1Contiki Ng 1Tinydtls Jun 20, 2025 Jan 22, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may c...Show more An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.Show less