Vulnerabilities > CVE-2021-42143 - Infinite Loop vulnerability in Contiki-Ng Tinydtls 20180830

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

contiki-ng

CWE-835

critical

NVD

Published: 2024-01-24

Updated: 2024-01-31

Summary

An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Contiki-Ng Contiki NG Tinydtls - Contiki NG Tinydtls 2018-08-30	2

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://seclists.org/fulldisclosure/2024/Jan/16