CVE-2021-42146


An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC 6347. This vulnerability allows remote attackers to obtain sensitive application data of connected clients.


Published

2024-01-24T19:15:08.483

Last Modified

2025-06-20T20:15:23.110

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Primary
    CWE-755
  • Type: Secondary
    CWE-303

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | contiki-ng | tinydtls | 2018-08-30 | Yes
