An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://seclists.org/fulldisclosure/2024/Jan/16 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-24T00:00:00
Updated: 2024-08-04T03:30:37.578Z
Reserved: 2021-10-11T00:00:00
Link: CVE-2021-42143
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-24T18:15:08.080
Modified: 2024-01-31T20:05:29.880
Link: CVE-2021-42143
Redhat
No data.