An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://seclists.org/fulldisclosure/2024/Jan/19 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-24T00:00:00
Updated: 2024-08-04T03:30:37.713Z
Reserved: 2021-10-11T00:00:00
Link: CVE-2021-42146
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-24T19:15:08.483
Modified: 2024-02-01T20:16:49.277
Link: CVE-2021-42146
Redhat
No data.