ID

VAR-201703-1226


CVE

CVE-2017-7243


TITLE

Denial-of-service (DoS) vulnerability in Eclipse tinydtls for Eclipse IoT

Trust: 0.8

sources: JVNDB: JVNDB-2017-002668

DESCRIPTION

Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial of service (DTLS peer crash) by sending a "Change cipher spec" packet without a preceding handshake. Eclipse IoT is a free and open source project from the Eclipse Foundation for jointly building open technology-based IoT projects. Eclipse tinydtls is a library for Datagram Transport Layer Security (DTLS) covering both the client and the server state machine. The vulnerability affects Eclipse tinydtls version 0.8.2 on the Eclipse IoT platform. Attackers can exploit this issue to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.

Trust: 3.06

sources: NVD: CVE-2017-7243 // JVNDB: JVNDB-2017-002668 // CNVD: CNVD-2017-10991 // CNNVD: CNNVD-201703-1013 // BID: 97193 // VULMON: CVE-2017-7243

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-10991

AFFECTED PRODUCTS

vendor: eclipse, model: tinydtls, scope: eq, version: 0.8.2

Trust: 3.3

sources: CNVD: CNVD-2017-10991 // BID: 97193 // JVNDB: JVNDB-2017-002668 // CNNVD: CNNVD-201703-1013 // NVD: CVE-2017-7243

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-7243
value: HIGH

Trust: 1.0

NVD: CVE-2017-7243
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-10991
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-1013
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-7243
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-7243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-10991
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2017-7243
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-10991 // VULMON: CVE-2017-7243 // JVNDB: JVNDB-2017-002668 // CNNVD: CNNVD-201703-1013 // NVD: CVE-2017-7243

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.8

sources: JVNDB: JVNDB-2017-002668 // NVD: CVE-2017-7243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1013

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-1013

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002668

PATCH

title: tinydtls, url: https://github.com/k1rh4/CVE/blob/master/tinydtls

Trust: 0.8

title: -, url: https://github.com/q40603/Continuous-Invivo-Fuzz

Trust: 0.1

sources: VULMON: CVE-2017-7243 // JVNDB: JVNDB-2017-002668

EXTERNAL IDS

db: NVD, id: CVE-2017-7243

Trust: 3.4

db: BID, id: 97193

Trust: 2.0

db: JVNDB, id: JVNDB-2017-002668

Trust: 0.8

db: CNVD, id: CNVD-2017-10991

Trust: 0.6

db: CNNVD, id: CNNVD-201703-1013

Trust: 0.6

db: VULMON, id: CVE-2017-7243

Trust: 0.1

sources: CNVD: CNVD-2017-10991 // VULMON: CVE-2017-7243 // BID: 97193 // JVNDB: JVNDB-2017-002668 // CNNVD: CNNVD-201703-1013 // NVD: CVE-2017-7243

REFERENCES

url:https://github.com/k1rh4/cve/blob/master/tinydtls

Trust: 2.0

url:https://gist.github.com/k1rh4/25dcb124aef2a8a2a5f4677d64d1998b

Trust: 2.0

url:http://www.securityfocus.com/bid/97193

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7243

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7243

Trust: 0.8

url:https://projects.eclipse.org/proposals/tinydtls

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/476.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/q40603/continuous-invivo-fuzz

Trust: 0.1

sources: CNVD: CNVD-2017-10991 // VULMON: CVE-2017-7243 // BID: 97193 // JVNDB: JVNDB-2017-002668 // CNNVD: CNNVD-201703-1013 // NVD: CVE-2017-7243

CREDITS

sangsup.lee (k1rh4), sunwoo.kim (hamzzi)

Trust: 0.3

sources: BID: 97193

SOURCES

db: CNVD, id: CNVD-2017-10991
db: VULMON, id: CVE-2017-7243
db: BID, id: 97193
db: JVNDB, id: JVNDB-2017-002668
db: CNNVD, id: CNNVD-201703-1013
db: NVD, id: CVE-2017-7243

LAST UPDATE DATE

2025-04-20T23:13:15.128000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-10991, date: 2017-06-23T00:00:00
db: VULMON, id: CVE-2017-7243, date: 2017-03-31T00:00:00
db: BID, id: 97193, date: 2017-04-04T01:01:00
db: JVNDB, id: JVNDB-2017-002668, date: 2017-04-25T00:00:00
db: CNNVD, id: CNNVD-201703-1013, date: 2017-03-28T00:00:00
db: NVD, id: CVE-2017-7243, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-10991, date: 2017-06-23T00:00:00
db: VULMON, id: CVE-2017-7243, date: 2017-03-24T00:00:00
db: BID, id: 97193, date: 2017-03-24T00:00:00
db: JVNDB, id: JVNDB-2017-002668, date: 2017-04-25T00:00:00
db: CNNVD, id: CNNVD-201703-1013, date: 2017-03-24T00:00:00
db: NVD, id: CVE-2017-7243, date: 2017-03-24T15:59:01.293