First published: Sun Sep 05 2021
In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of an exceptional condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted.
Credit: cve@mitre.org
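The missing-response condition described above can be checked from a captured session. The following is an added example, not code from Contiki or from this advisory: it parses both directions of a Telnet byte stream and lists client DO/WILL requests that never received a WILL/WONT or DO/DONT reply. It assumes every request asks for a state change (so a reply is owed) and matches replies by option only, ignoring timing; the sample bytes are constructed.

```python
from collections import Counter

IAC, SB, SE = 255, 250, 240
WILL, WONT, DO, DONT = 251, 252, 253, 254
NAMES = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT"}
# RFC 854/855: DO is answered with WILL or WONT, WILL with DO or DONT.
EXPECTED_REPLY = {DO: (WILL, WONT), WILL: (DO, DONT)}

def parse_negotiations(stream: bytes):
    """Return [(verb, option), ...] for each IAC WILL/WONT/DO/DONT in one direction."""
    out, i, n = [], 0, len(stream)
    while i + 1 < n:
        if stream[i] != IAC:
            i += 1
        elif stream[i + 1] in NAMES:
            if i + 2 < n:
                out.append((stream[i + 1], stream[i + 2]))
            i += 3
        elif stream[i + 1] == SB:
            j = i + 2  # skip subnegotiation data up to IAC SE; IAC IAC is an escaped 0xFF
            while j + 1 < n and not (stream[j] == IAC and stream[j + 1] == SE):
                j += 2 if stream[j] == IAC else 1
            i = j + 2
        else:
            i += 2  # IAC IAC in data, or another two-byte command
    return out

def unanswered(client_to_server: bytes, server_to_client: bytes):
    """Return client DO/WILL requests with no matching server reply, as (verb, option)."""
    replies = Counter(parse_negotiations(server_to_client))
    missing = []
    for verb, opt in parse_negotiations(client_to_server):
        for reply in EXPECTED_REPLY.get(verb, ()):
            if replies[(reply, opt)] > 0:
                replies[(reply, opt)] -= 1  # each reply answers one request
                break
        else:
            if verb in EXPECTED_REPLY:
                missing.append((NAMES[verb], opt))
    return missing

# Constructed capture: five requests from the client, only three replies from the server.
CLIENT = bytes([IAC, DO, 1, IAC, DO, 3, IAC, WILL, 24, IAC, WILL, 31, IAC, DO, 5]) + b"ls\r\n"
SERVER = bytes([IAC, WILL, 1, IAC, WILL, 3, IAC, DONT, 24]) + b"login: "

if __name__ == "__main__":
    for verb, opt in unanswered(CLIENT, SERVER):
        print(f"no reply to {verb} option {opt}")
```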
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Contiki-os Contiki | =3.0 | |
CVE-2021-40523 is a vulnerability in Contiki 3.0 that mishandles Telnet option negotiation, leading to property violations and denial of service.
CVE-2021-40523 has a severity score of 7.5 (High).
Contiki 3.0 is the affected software version for CVE-2021-40523.
There is no known fix or patch available for CVE-2021-40523 at the moment. It is recommended to follow the vendor's advisories for any updates or mitigations.
You can find more information about CVE-2021-40523 at the following link: [https://github.com/contiki-os/contiki/issues/2686](https://github.com/contiki-os/contiki/issues/2686)