CVE-2021-40523
First published: Sun Sep 05 2021(Updated: )
In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a client, the server may fail to give the WILL/WONT or DO/DONT response for DO and WILL commands because of improper handling of exception condition, which leads to property violations and denial of service. Specifically, a server sometimes sends no response, because a fixed buffer space is available for all responses and that space may have been exhausted.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Contiki-os Contiki | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40523?
CVE-2021-40523 is a vulnerability in Contiki 3.0 that mishandles Telnet option negotiation, leading to property violations and denial of service.
How severe is CVE-2021-40523?
CVE-2021-40523 has a severity score of 7.5 (High).
What software versions are affected by CVE-2021-40523?
Contiki 3.0 is the affected software version for CVE-2021-40523.
How can I fix CVE-2021-40523?
There is no known fix or patch available for CVE-2021-40523 at the moment. It is recommended to follow the vendor's advisories for any updates or mitigations.
Where can I find more information about CVE-2021-40523?
You can find more information about CVE-2021-40523 at the following link: [https://github.com/contiki-os/contiki/issues/2686](https://github.com/contiki-os/contiki/issues/2686)
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/contiki-os
- canonical/contiki-os contiki
- version/contiki-os contiki/3.0