PT-2021-22919 · Contiki · Contiki

Jerrytesting · Published 2021-09-05 · Updated 2021-09-10 · CVE-2021-40523

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Contiki version 3.0

Description

The issue arises from mishandled Telnet option negotiation between a server and a client. Specifically, the server may fail to provide the necessary WILL/WONT or DO/DONT response for DO and WILL commands due to improper handling of exception conditions. This can lead to property violations and denial of service. The problem occurs because a fixed buffer space is allocated for all responses, and this space may become exhausted, causing the server to send no response.

Recommendations

For Contiki version 3.0, consider implementing proper exception handling for Telnet option negotiations to prevent buffer exhaustion and ensure the server provides the required responses for DO and WILL commands. As a temporary workaround, consider restricting or closely monitoring Telnet negotiations to minimize the risk of denial of service.
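
The failure mode and the recommended handling, as an added C model (not Contiki's code and not part of the advisory): a server that refuses every option either drops a reply when its fixed buffer is full or flushes and continues. The 12-byte buffer size, all names and the sample input are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Telnet command bytes (RFC 854). */
enum { IAC = 255, DONT = 254, DO = 253, WONT = 252, WILL = 251 };
#define REPLY_BUF_SIZE 12   /* assumed size: room for four 3-byte replies */

/* Constructed sample: six option requests arriving in one chunk. */
static const unsigned char SAMPLE[] = {
    IAC, DO, 1,    IAC, DO, 3,  IAC, WILL, 24,
    IAC, WILL, 31, IAC, DO, 5,  IAC, WILL, 32 };

struct negotiator {
    unsigned char buf[REPLY_BUF_SIZE];
    size_t used, sent, dropped;  /* queued bytes, flushed bytes, lost replies */
    int flush_when_full;         /* 0 = drop silently, 1 = flush and continue */
};

/* Stand-in for the socket write: counts the bytes and empties the buffer. */
static void flush(struct negotiator *n) { n->sent += n->used; n->used = 0; }

/* Queue a refusal for one option: WONT answers DO, DONT answers WILL. */
static void refuse(struct negotiator *n, unsigned char cmd, unsigned char opt) {
    if (n->used + 3 > sizeof n->buf) {
        if (!n->flush_when_full) { n->dropped++; return; } /* condition ignored */
        flush(n);                                          /* condition handled */
    }
    n->buf[n->used++] = IAC;
    n->buf[n->used++] = (cmd == DO) ? WONT : DONT;
    n->buf[n->used++] = opt;
}

/* Process one input chunk; returns how many DO/WILL requests got no reply. */
size_t negotiate(const unsigned char *in, size_t len, int flush_when_full) {
    struct negotiator n;
    memset(&n, 0, sizeof n);
    n.flush_when_full = flush_when_full;
    for (size_t i = 0; i + 2 < len; i++) {
        if (in[i] == IAC && (in[i + 1] == DO || in[i + 1] == WILL)) {
            refuse(&n, in[i + 1], in[i + 2]);
            i += 2;
        } else if (in[i] == IAC) i++;  /* other IAC sequence: skip command byte */
    }
    flush(&n);                         /* end of chunk: send what is queued */
    return n.dropped;
}

int main(void) {
    printf("unanswered: drop=%zu flush=%zu\n", negotiate(SAMPLE, sizeof SAMPLE, 0),
           negotiate(SAMPLE, sizeof SAMPLE, 1)); return 0; }
```

A nonzero count in the drop mode is the condition worth alerting on: requests received without a matching WONT/DONT leave the peer waiting for a reply.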

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2021-40523

Affected Products

Contiki