9.8
CVE-2021-42142
- EPSS 0.99%
- Veröffentlicht 23.01.2024 22:15:16
- Zuletzt bearbeitet 11.06.2025 17:15:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Contiki-ng ≫ Tinydtls Version <= 2018-08-30
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.99% | 0.579 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
|
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://github.com/contiki-ng/tinydtls/issues/24
https://seclists.org/fulldisclosure/2024/Jan/15
http://seclists.org/fulldisclosure/2024/Jan/15