CVE-2021-42146

HIGH

Contiki-NG tinyDTLS - Improper Exception Handling

Description

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC 6347. This vulnerability allows remote attackers to obtain sensitive application data of connected clients.

Scores

CVSS v3 7.5
EPSS 0.0009
EPSS Percentile 24.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-755 CWE-303
Status published

Affected Products (1)

contiki-ng/tinydtls

Timeline

Published Jan 24, 2024
Tracked Since Feb 18, 2026