[Suggested description]
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR
violation via the component hiredisAllocFns at
/opt/fs/redisraft/deps/hiredis/alloc.c.
[VulnerabilityType Other]
AddressSanitizer: odr-violation
[Vendor of Product]
Redis
[Affected Product Code
About CVE-2021-42141:
[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One
incorrect handshake could complete with different epoch numbers in the packets
Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause
denial of service.
[Vul
About CVE-2021-42142:
[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. DTLS servers
mishandle the early use of a large epoch number. This vulnerability allows
remote attackers to cause a denial of service and false-positive packet drops.
[VulnerabilityT
[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. An infinite
loop bug exists during the handling of a ClientHello handshake message. This
bug allows remote attackers to cause a denial of service by sending a malformed
ClientHello handshake message with a
[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. Incorrect
handling of over-large packets in dtls_ccm_decrypt_message() causes a buffer
over-read that can expose sensitive information.
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
https://git
[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. An assertion
failure in check_certificate_request() causes the server to exit unexpectedly
(a denial of service).
[VulnerabilityType Other]
Improper Handling of exception conditions
[Vendor of Product]
ht
[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. DTLS servers
allow remote attackers to reuse the same epoch number within two times the TCP
maximum segment lifetime, which is prohibited in RFC 6347. This vulnerability
allows remote attackers to obtain se
[Suggested description]
An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. A buffer
over-read exists in the dtls_sha256_update function. This bug allows remote
attackers to cause a denial of service (crash) and possibly read sensitive
information by sending a malformed packet wit
Hello Full Disclosure mailing list!
Legends of IdleOn is a popular free-to-play game on Android, iOS, Steam,
and Web. While playing around with it last year, I got curious and noticed
a trivial way to manipulate the random number generator.
After six months of radio silence from the developer, in