CVE-2021-42141 - Vulnerability Details - OpenCVE

An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Contiki-ng	Tinydtls

Configuration 1 [-]

cpe:2.3:a:contiki-ng:tinydtls:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2024/Jan/14
https://github.com/contiki-ng/tinydtls/issues/27
https://seclists.org/fulldisclosure/2024/Jan/14

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2024/Jan/14

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-22T00:00:00

Updated: 2024-08-04T03:30:37.659Z

Reserved: 2021-10-11T00:00:00

Link: CVE-2021-42141

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-22T23:15:08.120

Modified: 2024-11-21T06:27:20.747

Link: CVE-2021-42141

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:contiki-ng:tinydtls:*:*:*:*:*:*:*:*", "matchCriteriaId": "E938DF84-2663-4516-87E3-B7E46789F6A1", "versionEndIncluding": "2018-08-30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Contiki-NG tinyDTLS hasta el 30 de agosto de 2018. Un protocolo de enlace incorrecto podr\u00eda completarse con diferentes n\u00fameros de \u00e9poca en los paquetes Client_Hello, Client_key_exchange y Change_cipher_spec, lo que puede provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2021-42141", "lastModified": "2024-11-21T06:27:20.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-22T23:15:08.120", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/contiki-ng/tinydtls/issues/27"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2024/Jan/14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/176625/Contiki-NG-tinyDTLS-Denial-Of-Service.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2024/Jan/14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/contiki-ng/tinydtls/issues/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2024/Jan/14"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}