An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. A buffer over-read exists in the dtls_sha256_update function. This bug allows remote attackers to cause a denial of service (crash) and possibly read sensitive information by sending a malformed packet with an over-large fragment length field, due to servers incorrectly handling malformed packets.
cbd23d5e5c03a89b7797b1140a3998118f6627b3823c690bdae65a977b7770e9
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime, which is prohibited in RFC6347. This vulnerability allows remote attackers to obtain sensitive application (data of connected clients).
db8a0bf96f7883a8a21b7027f42157c985e59fe2bbc26de4705dacefa635eccf
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An assertion failure in check_certificate_request() causes the server to exit unexpectedly, resulting in a denial of service.
860a30d6b1aa58e5dc58161f2acf23b5acba868a0821683f71b804cf74409a1c
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. Incorrect handling of over-large packets in dtls_ccm_decrypt_message() causes a buffer over-read that can expose sensitive information.
fcd7f90fba43be1f60b391164b0ba2a0e19f793b3291f3ea45d6c373dadd81b8
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information.
846b82fbb5e4c16ada129d3f8122d5e00f7c07ffd7830416cb4698d8fd258206
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. DTLS servers mishandle the early use of a large epoch number. This vulnerability allows remote attackers to cause a denial of service and false-positive packet drops.
e1244689736de9338e92f0ce31592afd33da836f554ad8dfaf50a9775596ca5b
An issue was discovered in Contiki-NG tinyDTLS versions through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of service.
d23467a0c344b00cea5d67a8d7ebffd0d3109291ffebc872fa9a3524ff53213a
Redis raft versions master-1b8bd86 to master-7b46079 were discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.
586772289785921cd60806511eb653c014c7a2c3992c9b9729e80b45a626043f