CVE Catalog

CVE-2026-9267

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile — higher than 7% of all known CVEs

Summary

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the check_server_certificate() function. An unauthenticated attacker can trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a specific fragment_length value.

Risk Assessment

Attackers can exploit missing buffer length validation before uint24 reads, memcmp, and memcpy operations during DTLS epoch 0, causing denial of service on memory-constrained devices.

Recommendation

Update Eclipse tinydtls to a version containing commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 or later immediately.

Original NVD description (English source)

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the check_server_certificate() function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a specific fragment_length value. Attackers can exploit missing buffer length validation before uint24 reads, memcmp, and memcpy operations during DTLS epoch 0 on both client and server paths to cause denial of service on memory-constrained devices.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS