CVE-2026-9267

Summary

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the check_server_certificate() function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a specific fragment_length value. Attackers can exploit missing buffer length validation before uint24 reads, memcmp, and memcpy operations during DTLS epoch 0 on both client and server paths to cause denial of service on memory-constrained devices.

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationEclipse tinydtls0 < b3efd41ad111a4920f599f51ffa4f5e9f1e72221affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References