Executive Summary

Informations
Name CVE-2021-21279 First vendor Publication 2021-06-18
Vendor Cve Last vendor Modification 2021-06-22

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 7.5
Base Score 7.5 Environmental Score 7.5
impact SubScore 3.6 Temporal Score 7.5
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Contiki-NG is an open-source, cross-platform operating system for internet of things devices. In verions prior to 4.6, an attacker can perform a denial-of-service attack by triggering an infinite loop in the processing of IPv6 neighbor solicitation (NS) messages. This type of attack can effectively shut down the operation of the system because of the cooperative scheduling used for the main parts of Contiki-NG and its communication stack. The problem has been patched in Contiki-NG 4.6. Users can apply the patch for this vulnerability out-of-band as a workaround.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21279

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 2

Sources (Detail)

Source Url
CONFIRM https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-rr5j-j8m8-fc4f

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2021-06-23 00:22:50
  • Multiple Updates
2021-06-21 21:23:08
  • Multiple Updates
2021-06-21 17:22:48
  • Multiple Updates
2021-06-19 05:22:49
  • First insertion