
CVE-2021-42147: n/a in n/a

Critical
Vulnerability: CVE-2021-42147 (tags: cve, cve-2021-42147)
Published: Wed Jan 24 2024 (01/24/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via a crafted data packet.

AI-Powered Analysis

AI analysis last updated: 07/08/2025, 19:24:58 UTC

Technical Analysis

CVE-2021-42147 is a critical buffer over-read in the dtls_sha256_update function of tinyDTLS as used by Contiki-NG, an open-source operating system for Internet of Things (IoT) devices. The affected code is identified only by commit: tinyDTLS up to and including master-branch commit 53a0d97. The function is reached while processing incoming DTLS (Datagram Transport Layer Security) packets, and its bounds checking is insufficient: a crafted data packet causes it to read past the end of the allocated buffer. An unauthenticated remote attacker can trigger the condition by sending crafted DTLS packets to a vulnerable device, and the result is a denial of service (DoS): the device may crash or become unresponsive, disrupting normal operation.

The CVSS v3.1 base score of 9.1 reflects the critical severity: attack vector network (AV:N), no privileges required (PR:N), no user interaction (UI:N), high impact on confidentiality and availability (C:H/A:H), and no impact on integrity (I:N). The vulnerability is classified under CWE-125 (Out-of-bounds Read), a memory-safety weakness. No public exploits are known in the wild, and no official patches or vendor advisories are listed on this record, which may indicate limited awareness of the issue or limited deployment of fixes. Because tinyDTLS is widely used in constrained IoT environments, the flaw is a significant risk for embedded systems that rely on Contiki-NG for secure communication, in particular where DTLS protects data confidentiality and device authentication over UDP transport.

Potential Impact

For European organizations, the impact of CVE-2021-42147 can be substantial, particularly in sectors that deploy IoT devices running Contiki-NG or tinyDTLS for secure communications: smart city infrastructure, industrial control systems, healthcare devices, and critical infrastructure monitoring. Successful exploitation could cause a denial of service on IoT endpoints, leading to operational disruption, loss of telemetry data, and potentially cascading failures in automated systems. The high confidentiality impact indicates that sensitive information processed by the DTLS session could be exposed or inferred, raising privacy and compliance concerns under regulations such as GDPR. The availability impact affects service continuity, especially where IoT devices perform real-time monitoring or control. Although no exploits are known to be active in the wild, the critical severity and network attack vector imply that attackers could develop exploits with relative ease, so European organizations should assess their exposure promptly. The absence of patches or vendor guidance complicates mitigation and may prolong the window of vulnerability.

Mitigation Recommendations

European organizations should take a proactive approach to mitigating this vulnerability:

1. Inventory IoT devices and embedded systems that use Contiki-NG or tinyDTLS to identify potentially affected assets.
2. Engage device manufacturers or the open-source project maintainers to obtain patches or updated versions that address the vulnerability; if none are available, review and patch the dtls_sha256_update function yourself to enforce strict bounds checking on the data it reads.
3. Deploy intrusion detection/prevention systems (IDS/IPS) with signatures or anomaly-detection rules for malformed DTLS packets, to block or alert on suspicious traffic.
4. Segment IoT networks to limit exposure and restrict access to critical devices from untrusted networks.
5. Apply rate limiting and filtering on the UDP ports used by DTLS to reduce the risk of exploitation attempts.
6. Monitor device logs and network traffic regularly for signs of exploitation attempts or abnormal behaviour.
7. Develop incident response plans specific to IoT device failures to minimise operational impact if an attack succeeds.
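The bounds check the recommendations call for, as an added illustration in C that is not tinyDTLS or Contiki-NG code: it parses the 13-byte DTLS 1.2 record header, rejects a length field that claims more fragment bytes than the datagram actually delivered, and only then feeds the fragment to a streaming SHA-256 update stage. It assumes (the record does not state the root cause) that the over-read stems from trusting a packet-supplied length; the context type, the update function and the two sample datagrams are constructed for this example, and the SHA-256 compression step is replaced by block accounting.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* DTLS 1.2 record header: type(1) version(2) epoch(2) seq_num(6) length(2) = 13 bytes */
#define DTLS_RH_LENGTH   13
#define SHA256_BLOCK_LEN 64

/* Hypothetical streaming context (not tinyDTLS's); the real compression step is
 * omitted and replaced by a count of full 64-byte blocks consumed. */
typedef struct {
    uint8_t  block[SHA256_BLOCK_LEN]; /* partial block awaiting compression */
    size_t   buffered;                /* bytes currently held in block[] */
    uint64_t blocks_done;             /* full blocks handed to compression */
} sha256_update_ctx;

/* Reads exactly `len` bytes from `p`; the caller must already have bounded `len`. */
static void bounded_sha256_update(sha256_update_ctx *c, const uint8_t *p, size_t len)
{
    while (len > 0) {
        size_t room = SHA256_BLOCK_LEN - c->buffered;
        size_t n = len < room ? len : room;
        memcpy(c->block + c->buffered, p, n);
        c->buffered += n; p += n; len -= n;
        if (c->buffered == SHA256_BLOCK_LEN) { c->blocks_done++; c->buffered = 0; }
    }
}

/* Parses one DTLS record from a received datagram and hashes its fragment.
 * Returns the fragment length, or -1 if the header is truncated or the length
 * field claims more bytes than the datagram holds; that second check is the
 * guard that prevents the over-read. */
int hash_dtls_record(sha256_update_ctx *c, const uint8_t *dgram, size_t dgram_len)
{
    if (c == NULL || dgram == NULL || dgram_len < DTLS_RH_LENGTH) return -1;
    size_t frag_len = ((size_t)dgram[11] << 8) | dgram[12]; /* big-endian uint16 */
    if (frag_len > dgram_len - DTLS_RH_LENGTH) return -1;   /* packet overstates its size */
    bounded_sha256_update(c, dgram + DTLS_RH_LENGTH, frag_len);
    return (int)frag_len;
}

/* Constructed sample datagrams (not captured traffic): content type 22 = handshake,
 * version 0xfefd = DTLS 1.2, length field at bytes 11..12, fragment zero-filled. */
static const uint8_t sample_ok[DTLS_RH_LENGTH + 70] = { 22, 0xfe, 0xfd, [12] = 70 };  /* consistent */
static const uint8_t sample_bad[DTLS_RH_LENGTH + 4] = { 22, 0xfe, 0xfd, [12] = 200 }; /* claims 200, has 4 */
```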


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2021-10-11T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6839c098182aa0cae2b3b6c1

Added to database: 5/30/2025, 2:28:40 PM

Last enriched: 7/8/2025, 7:24:58 PM

Last updated: 8/7/2025, 11:25:42 AM

