CVE-2019-9750

Name of the Vulnerable Software and Affected Versions IoTivity versions prior to 1.3.1 (note: 1.3.1 is the last version mentioned as affected, but no fixed version is provided)

Description The issue allows for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification through the CoAP server interface. The reflected traffic can be 6 times bigger than the spoofed requests due to the mishandling of the construction of a "4.01 Unauthorized" response.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.