CVE-2021-38311
7.5 HIGHIn Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service
Published: 2021-08-09 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE
- CWE-835
Affected products
| Vendor | Product |
|---|---|
| contiki-os | contiki |
Description
In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2021-40523 — In Contiki 3.0, Telnet option negotiation is mishandled (7.5 HIGH)
- CVE-2021-38387 — In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to connected clients entering an infinite l... (7.5 HIGH)
- CVE-2021-38386 — In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mi... (7.5 HIGH)
Same CWE
- CVE-2026-48733 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.7 MEDIUM)
- CVE-2026-46521 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-46522 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
- CVE-2026-49495 — Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection ... (5.5 MEDIUM)
- CVE-2025-71330 — image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event l... (7.5 HIGH)