Summary: | Buffer over-read bug in the function dtls_sha256_update | | |
---|---|---|---|
Product: | Community | Reporter: | Jerry Testing <mengrj.cs> |
Component: | Vulnerability Reports | Assignee: | Security vulnerabilities reported against Eclipse projects <vulnerability.reports-inbox> |
Status: | CLOSED MOVED | QA Contact: | |
Severity: | normal | | |
Priority: | P3 | CC: | bergmann, wayne.beaton |
Version: | unspecified | Keywords: | security |
Target Milestone: | --- | | |
Hardware: | PC | | |
OS: | Linux | | |
Whiteboard: | | | |
Description
Jerry Testing
2021-06-19 09:58:36 EDT
This bug exists through 0.9-rc1. This bug results from a missing bound check before access. tinydtls servers incorrectly handle malformed handshake packets. When receiving a malicious handshake packet, whose value of the Length field is larger than the real one, servers will try to read more bytes than the real one, which will lead to disclosing sensitive information. Remote attackers can also send this kind of packet to cause the denial of service.

Project team: we need your engagement here. There's help in the handbook [1]

[1] https://www.eclipse.org/projects/handbook/#vulnerability

We've exceeded the three month deadline; I've removed the confidentiality flag for quiet disclosure.

This issue has been migrated to https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/608.
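The kind of bound check the report describes as missing, as an added example (not tinydtls code and not the project's fix): the declared Length of a handshake message is validated against the bytes actually received before any consumer, such as a running handshake hash, reads the body. The function name and sample packets are constructed for illustration, and the check assumes a receiver that does not reassemble fragmented handshake messages.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HS_HDR_LEN 12 /* DTLS handshake header: type(1) length(3) seq(2) frag_off(3) frag_len(3) */

/* Read a 24-bit big-endian integer. */
static uint32_t get_u24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/*
 * Hypothetical helper: returns the number of body bytes that are safe to
 * read after the header, or -1 if the header is truncated or the declared
 * lengths do not match what was received.
 */
long hs_checked_body_len(const uint8_t *msg, size_t received) {
    if (msg == NULL || received < HS_HDR_LEN)
        return -1;                        /* header itself is incomplete */

    uint32_t length   = get_u24(msg + 1); /* attacker-controlled Length field */
    uint32_t frag_off = get_u24(msg + 6);
    uint32_t frag_len = get_u24(msg + 9);
    size_t   avail    = received - HS_HDR_LEN;

    if (length > avail)
        return -1;                        /* Length claims more than was received */
    if (frag_off != 0 || frag_len != length)
        return -1;                        /* assumption: no fragment reassembly */
    return (long)length;
}

/* Constructed sample: Length = 4 and four body bytes are present. */
static const uint8_t good_msg[] = { 1, 0,0,4, 0,0, 0,0,0, 0,0,4, 0xde,0xad,0xbe,0xef };
/* Constructed sample: Length = 256 but only four body bytes are present. */
static const uint8_t bad_msg[]  = { 1, 0,1,0, 0,0, 0,0,0, 0,1,0, 0xde,0xad,0xbe,0xef };

int main(void) {
    printf("well-formed: %ld\n", hs_checked_body_len(good_msg, sizeof good_msg));
    printf("oversized Length: %ld\n", hs_checked_body_len(bad_msg, sizeof bad_msg));
    printf("truncated header: %ld\n", hs_checked_body_len(good_msg, 5));
    return 0;
}
```

A caller would hash or parse only the returned number of bytes and drop the message on -1.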