Impact
Eclipse tinydtls contains an out-of-bounds read vulnerability in the check_server_certificate() function that an unauthenticated attacker can trigger by sending a Certificate handshake message with a crafted fragment_length value. The function performs uint24 reads, memcmp, and memcpy operations on the message body without first validating that the buffer holds enough bytes, so during DTLS epoch 0 (the unencrypted handshake phase) it reads memory beyond the valid bounds of the received fragment. This flaw is classified as CWE-125 and can result in a denial of service on memory-constrained devices: the attacker needs no authentication, and the affected DTLS client or server may crash or become unresponsive.
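The defensive pattern the advisory describes as missing, shown as an added example that is not tinydtls code: a parser for the body of a DTLS Certificate handshake message that checks the received length before every uint24 read and copy, so a fragment_length smaller than the lengths encoded inside the message is rejected instead of driving reads past the buffer. The function names, the CERT_MAX buffer size, and the sample message bytes are constructed for this illustration.

```c
/* Added example (not from tinydtls): bounds-checked parsing of a DTLS
 * Certificate handshake body. `len` is the number of bytes actually received
 * for this fragment; nothing is read or copied without checking it first. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CERT_MAX 512  /* assumed capacity of the caller's certificate buffer */

/* Reads a big-endian uint24 only if at least 3 bytes are available. */
static int read_uint24(const uint8_t *p, size_t avail, size_t *out) {
    if (avail < 3) return -1;
    *out = ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
    return 0;
}

/* Parses certificates_length and the first certificate's length, then copies
 * that certificate into `cert`. Returns the certificate length, or -1 if any
 * field would require reading beyond the `len` bytes that were received. */
int parse_certificate_body(const uint8_t *data, size_t len, uint8_t *cert) {
    size_t certs_len, cert_len;
    if (read_uint24(data, len, &certs_len) != 0) return -1;
    data += 3; len -= 3;
    if (certs_len > len) return -1;            /* list claims more than received */
    if (read_uint24(data, certs_len, &cert_len) != 0) return -1;
    data += 3; certs_len -= 3;
    if (cert_len > certs_len || cert_len > CERT_MAX) return -1;
    memcpy(cert, data, cert_len);              /* safe: cert_len <= available */
    return (int)cert_len;
}

/* Constructed sample bodies: one well-formed, three whose encoded lengths
 * exceed the bytes actually present (the situation the advisory describes). */
static const uint8_t GOOD_BODY[]  = {0x00,0x00,0x07, 0x00,0x00,0x04, 0xDE,0xAD,0xBE,0xEF};
static const uint8_t SHORT_BODY[] = {0x00,0x00};                         /* no full uint24 */
static const uint8_t OUTER_BODY[] = {0x00,0x04,0x00, 0x00,0x00,0x04, 0xDE}; /* list len 1024 */
static const uint8_t INNER_BODY[] = {0x00,0x00,0x07, 0x00,0x00,0x10, 0xDE,0xAD,0xBE,0xEF};

/* Returns 1 when the good body parses and each truncated body is rejected. */
int check_samples(void) {
    uint8_t cert[CERT_MAX];
    int ok = parse_certificate_body(GOOD_BODY, sizeof GOOD_BODY, cert) == 4
          && memcmp(cert, GOOD_BODY + 6, 4) == 0;
    ok = ok && parse_certificate_body(SHORT_BODY, sizeof SHORT_BODY, cert) == -1;
    ok = ok && parse_certificate_body(OUTER_BODY, sizeof OUTER_BODY, cert) == -1;
    ok = ok && parse_certificate_body(INNER_BODY, sizeof INNER_BODY, cert) == -1;
    return ok;
}
```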
Affected Systems
The vulnerability affects the Eclipse tinydtls library distributed by the Eclipse Foundation. Any build of the library that predates commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 is vulnerable. No release numbers are cited beyond this commit identifier, so all earlier builds should be treated as affected.
Risk and Exploitability
The CVSS score is 6.9, indicating moderate severity, and no EPSS value is available, so the current exploitation probability is unknown. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to deliver a specially crafted DTLS handshake message to a DTLS client or server that uses the vulnerable library. Because the only precondition is reaching the DTLS handshake, the flaw is most likely to be used in targeted denial-of-service attacks against embedded or IoT devices that rely on tinydtls for lightweight DTLS communication.
OpenCVE Enrichment