Buffer Over-read Vulnerability in Contiki-NG's tinyDTLS
CVE-2021-42144

9.8CRITICAL

Key Information:

Vendor: Contiki-ng
Status: Contiki-ng Tinydtls
Vendor: CVE Published:; 24 January 2024

What is CVE-2021-42144?

A buffer over-read vulnerability exists in the tinyDTLS implementation within Contiki-NG. This vulnerability allows attackers to leverage crafted inputs targeting the dtls_ccm_decrypt_message function, potentially exposing sensitive information. Attackers exploiting this issue could obtain data that should remain protected, raising serious security concerns for applications utilizing this library.

References

https://seclists.org/fulldisclosure/2024/Jan/17

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2024
Vulnerability Reserved
Oct 11, 2021

Contiki-ng

What is CVE-2021-42144?

References

CVSS V3.1

Timeline