Buffer over-read in TinyDTLS

Read Time:22 Second

Posted by Meng Ruijie on Jan 17

[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. Incorrect handling of over-large packets in
dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.

[Vulnerability Type]
Buffer Overflow

[Vendor of Product]
https://github.com/contiki-ng/tinydtls

[Affected Product Code Base]
contiki-ng tinydtls – master branch 53a0d97

[Affected Component]
the service of dtls servers…

python-setuptools-69.0.3-4.fc40

FEDORA-2024-247e9ba33a Packages in this update: python-setuptools-69.0.3-4.fc40 Update description: Security fix for CVE-2024-6345. Read More

July 26, 2024

python-setuptools-67.7.2-8.fc39

FEDORA-2024-9ed182a5d3 Packages in this update: python-setuptools-67.7.2-8.fc39 Update description: Security fix for CVE-2024-6345. Read More

July 26, 2024

USN-6919-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to...

July 26, 2024

USN-6918-1: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings...

July 26, 2024

USN-6917-1: Linux kernel vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to...

July 26, 2024

curl-8.6.0-9.fc40

FEDORA-2024-a7976ba89f Packages in this update: curl-8.6.0-9.fc40 Update description: fix freeing stack buffer in utf8asn1str (CVE-2024-6197) Read More

July 26, 2024

Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Friday Squid Blogging: Sunscreen from Squid Pigments

Compromising the Secure Boot Process

Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain

Hacktivists Claim Leak of CrowdStrike Threat Intelligence

CrowdStrike Falcon Outage Exploited for Social Engineering

Despite Bans, AI Code Tools Widespread in Organizations

North Korean Hackers Target Critical Infrastructure for Military Gain

The CrowdStrike Outage and Market-Driven Brittleness

python-setuptools-69.0.3-4.fc40

python-setuptools-67.7.2-8.fc39

USN-6919-1: Linux kernel vulnerabilities

USN-6918-1: Linux kernel vulnerabilities

USN-6917-1: Linux kernel vulnerabilities

curl-8.6.0-9.fc40