CVE-2021-38387 : In Contiki 3.0, a Telnet server that silently quits (before disconnection with c

In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite loop and waiting forever, which may cause excessive CPU consumption.

Published 2021-08-10 19:15:08

Updated 2022-05-03 16:04:40

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2021-38387

Contiki-os » Contiki » Version: 3.0
cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-38387

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-38387

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-38387

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-38387

https://github.com/contiki-os/contiki/issues/2688

Silent quit of telnet servers leading to clients waiting forever · Issue #2688 · contiki-os/contiki · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-38387

Products affected by CVE-2021-38387

Exploit prediction scoring system (EPSS) score for CVE-2021-38387

CVSS scores for CVE-2021-38387

CWE ids for CVE-2021-38387

References for CVE-2021-38387