CVE-2021-42146

HIGH

Contiki-ng Tinydtls - Improper Exception Handling


Description

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC 6347. This vulnerability allows remote attackers to obtain sensitive application data of connected clients.

Scores

CVSS v3 7.5
EPSS 0.0009
EPSS Percentile 24.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-755 CWE-303
Status published
Products (1)
contiki-ng/tinydtls 2018-08-30
Published Jan 24, 2024
Tracked Since Feb 18, 2026