CVE-2021-42146
First published: Wed Jan 24 2024(Updated: )
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Contiki-NG | =2018-08-30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-42146?
CVE-2021-42146 is classified as a high severity vulnerability due to the potential for remote attackers to exploit it.
How do I fix CVE-2021-42146?
To fix CVE-2021-42146, update to the latest version of tinyDTLS where this vulnerability is addressed.
What does CVE-2021-42146 allow an attacker to do?
CVE-2021-42146 allows remote attackers to reuse epoch numbers, which can lead to sensitive data exposure.
In which software is CVE-2021-42146 found?
CVE-2021-42146 affects the tinyDTLS implementation in Contiki-NG.
When was CVE-2021-42146 discovered?
CVE-2021-42146 was identified in the master branch of tinyDTLS with a commit dated August 30, 2018.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/severity
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/contiki-ng
- canonical/contiki-ng
- version/contiki-ng/2018-08-30