CVE-2021-38311

Name of the Vulnerable Software and Affected Versions: Contiki version 3.0

Description: The issue exists in the Telnet service of Contiki, where potential nonterminating acknowledgment loops can occur. When negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands. This may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption.

Recommendations: For Contiki version 3.0, as a temporary workaround, consider disabling the Telnet service until a patch is available. Restrict access to the Telnet module to minimize the risk of exploitation. Avoid using the DONT and WONT requests in the affected Telnet service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.