Buffer over-read in TinyDTLS

Read Time:22 Second

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. Incorrect handling of over-large packets in
dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code Base]
contiki-ng tinydtls – master branch 53a0d97

[Affected Component]
the service of dtls servers…

ofono-2.14-1.fc40

FEDORA-2024-112fde4e1b Packages in this update: ofono-2.14-1.fc40 Update description: Update to v2.14 Read More

December 28, 2024

icecat-flatpak-115.18.0-2

FEDORA-FLATPAK-2024-5ad8ccec67 Packages in this update: icecat-flatpak-115.18.0-2 Update description: Updated patchset for CVE-2024-11693 CVE-2024-11697 CVE-2024-11692 Read More

December 26, 2024

mupdf-1.24.6-2.fc40

FEDORA-2024-bfc5e25437 Packages in this update: mupdf-1.24.6-2.fc40 Update description: fix CVE-2024-46657 (rhbz#2331626) Read More

December 26, 2024

mupdf-1.21.1-6.el9

FEDORA-EPEL-2024-94a20f339a Packages in this update: mupdf-1.21.1-6.el9 Update description: fix CVE-2024-46657 (rhbz#2331625) Read More

December 26, 2024

DSA-5837-1 fastnetmon – security update

Two security issues have been discovered in FastNetMon, a fast DDoS analyzer: Malformed Netflow/sFlow traffic could result in denial of...

December 26, 2024

DSA-5836-1 xen – security update

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information...

December 26, 2024

CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration

Casino Players Using Hidden Cameras for Cheating

Friday Squid Blogging: Squid on Pizza

Scams Based on Fake Google Emails

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)

US and Japan Blame North Korea for $308m Crypto Heist

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Spyware Maker NSO Group Liable for WhatsApp User Hacks

ofono-2.14-1.fc40

icecat-flatpak-115.18.0-2

mupdf-1.24.6-2.fc40

mupdf-1.21.1-6.el9

DSA-5837-1 fastnetmon – security update

DSA-5836-1 xen – security update