CVE-2021-34430

Summary

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse TinyDTLSunspecified <= 0.9-rc1affected

Weaknesses

  • CWE-338: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CVE Program Container

Additional References

References