[FD] Misuse same epoch number within TCP lifetime in TinyDTLS
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] Misuse same epoch number within TCP lifetime in TinyDTLS
- From: Meng Ruijie <ruijie_meng@xxxxxxxxx>
- Date: Tue, 16 Jan 2024 14:01:57 +0000
[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. DTLS servers
allow remote attackers to reuse the same epoch number within two times the TCP
maximum segment lifetime, which is prohibited by RFC 6347. This vulnerability
allows remote attackers to obtain sensitive application data of connected
clients.
[VulnerabilityType Other]
Improper Handling of exception conditions
[Vendor of Product]
https://github.com/contiki-ng/tinydtls
[Affected Product Code Base]
contiki-ng tinydtls - master branch 53a0d97
[Affected Component]
the service of dtls servers
[Attack Type]
Remote
[Impact Code execution]
true
[Impact Information Disclosure]
true
[Reference]
https://github.com/contiki-ng/tinydtls/issues/25
[Discoverer]
jerrytesting
[CVE Reference]
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2021-42146 to this vulnerability.
_______________________________________________
Sent through the Full Disclosure mailing list
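The RFC 6347 rule the description cites (an epoch value must not be reused within two times the TCP maximum segment lifetime) can be enforced with a per-peer quarantine on retired epochs. The sketch below is an added example, not code from tinydtls or from this advisory; `epoch_guard`, `epoch_retire`, `epoch_may_start` and the history size are hypothetical names, and the MSL of 120 seconds is an assumption taken from the value RFC 793 gives for TCP.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: MSL = 120 s, the value RFC 793 gives for TCP. */
#define TCP_MSL_SECONDS  120u
#define EPOCH_QUARANTINE (2u * TCP_MSL_SECONDS)
#define MAX_RETIRED      8u  /* hypothetical history size per peer */
/* Hypothetical per-peer ring buffer of epochs taken out of use. */
struct epoch_guard {
    struct { uint16_t epoch; uint64_t retired_at; } slot[MAX_RETIRED];
    unsigned used;  /* valid slots */
    unsigned next;  /* next slot to write */
};

/* True while an entry retired at `t` is inside 2*MSL; a clock that runs backwards fails closed. */
static bool in_quarantine(uint64_t t, uint64_t now)
{
    return now < t || now - t < EPOCH_QUARANTINE;
}

/* Record that `epoch` stopped being used at `now` (monotonic seconds).
 * Returns false if that would evict an entry still in quarantine. */
static bool epoch_retire(struct epoch_guard *g, uint16_t epoch, uint64_t now)
{
    if (g->used == MAX_RETIRED && in_quarantine(g->slot[g->next].retired_at, now))
        return false;  /* caller should refuse the handshake, not forget */
    g->slot[g->next].epoch = epoch;
    g->slot[g->next].retired_at = now;
    g->next = (g->next + 1u) % MAX_RETIRED;
    if (g->used < MAX_RETIRED) g->used++;
    return true;
}

/* True if `epoch` may begin a new cipher state for this peer at `now`. */
static bool epoch_may_start(const struct epoch_guard *g, uint16_t epoch, uint64_t now)
{
    for (unsigned i = 0; i < g->used; i++)
        if (g->slot[i].epoch == epoch && in_quarantine(g->slot[i].retired_at, now))
            return false;  /* same epoch seen less than 2*MSL ago */
    return true;
}

int main(void)
{
    struct epoch_guard g = {0};
    epoch_retire(&g, 0, 1000);  /* constructed timeline, in seconds */
    printf("reuse of epoch 0 allowed at t=1100: %d, at t=1240: %d\n",
           epoch_may_start(&g, 0, 1100), epoch_may_start(&g, 0, 1240));
}
```

A server would call `epoch_retire` when an association's cipher state is discarded and `epoch_may_start` before accepting a handshake that would bring the same epoch back for that peer.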