CRITICAL🇵🇱 Wersja polska

CVE-2021-42141

CVSS 9.8v3.1pub. 2024-01-22upd. 2025-06-20

An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.

🤖 AI Analysis
How it works

The vulnerability lies in improper exception handling during the DTLS connection negotiation process (handshake). An attacker can send Client_Hello, Client_key_exchange, and Change_cipher_spec packets containing different, inconsistent epoch numbers. The tinyDTLS library accepts such an invalid handshake as complete, leading to an unexpected application state and potentially triggering a denial of service.

Impact

An unauthenticated remote attacker can disrupt the availability of a device or service using the tinyDTLS library, causing a denial of service.

Mitigation & patch

Apply patches available from the vendor according to the references provided. It is recommended to monitor the Contiki-NG/tinydtls GitHub repository to obtain the latest fix.

Who is affected

Contiki-NG tinyDTLS in versions up to and including 2018-08-30

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Contiki Ng Tinydtls

    APP
    Contiki-Ng
    ≤ 2018-08-30
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2021-42143CRITICAL9.1PL ✓ten sam produkt

Nieskończona pętla i buffer over-read w Contiki-NG tinyDTLS (DTLS ClientHello)

CVE-2021-42147CRITICAL9.1PL ✓ten sam produkt

Buffer over-read w Contiki-NG tinyDTLS — zdalne DoS przez spreparowany pakiet

CVE-2021-42142CRITICAL9.8PL ✓ten sam produkt

Nieprawidłowa obsługa dużego numeru epoki w Contiki-NG tinyDTLS — DoS i fałszywe odrzucanie pakietów

CVE-2021-42145HIGH7.5ten sam produkt

An assertion failure discovered in in check_certificate_request() in Contiki-NG tinyDTLS through master branch...

CVE-2021-42146HIGH7.5ten sam produkt

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attack...