CVE-2026-9267
Status: Received - Intake

Out-of-Bounds Read in Eclipse tinydtls

Vulnerability report for CVE-2026-9267, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Eclipse Foundation

Description

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read in the check_server_certificate() function: an unauthenticated attacker can craft a Certificate handshake message with a chosen fragment_length value and trigger reads beyond the valid buffer boundaries. The root cause is missing buffer length validation before uint24 reads, memcmp, and memcpy operations during DTLS epoch 0, on both the client and server paths; the result is denial of service, particularly on memory-constrained devices.
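The description above names three places where a length check was missing (before uint24 reads, memcmp and memcpy on a Certificate fragment). The following is an added illustration of what those checks look like when present; it is not tinydtls code, the function and struct names (parse_hs_fragment, first_certificate, certificate_matches, hs_fragment) are hypothetical, and the sample datagrams are constructed. Only the handshake header layout is taken from RFC 6347 section 4.2.2.

```c
/* Added illustration (not tinydtls code; names hypothetical) of the checks
 * the advisory says were missing: every peer-controlled length, namely
 * fragment_length and the uint24 certificate lengths, is bounded by the bytes
 * actually received before any uint24 read, memcmp or memcpy touches the
 * buffer. Handshake header layout per RFC 6347 section 4.2.2. */
#include <stdint.h>
#include <string.h>

#define DTLS_HS_HEADER_LEN 12  /* type(1) length(3) seq(2) frag_off(3) frag_len(3) */
#define HS_TYPE_CERTIFICATE 11

struct hs_fragment {
    uint8_t msg_type;
    uint32_t length;           /* declared total handshake message length */
    uint32_t fragment_offset;
    uint32_t fragment_length;  /* peer-controlled; never trusted on its own */
    const uint8_t *body;       /* points into the received datagram */
};

static uint32_t read_uint24(const uint8_t *p)
{
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* 0 on success, -1 if a length field would let a later read run past buflen. */
int parse_hs_fragment(const uint8_t *buf, size_t buflen, struct hs_fragment *out)
{
    if (buflen < DTLS_HS_HEADER_LEN)
        return -1;
    out->msg_type        = buf[0];
    out->length          = read_uint24(buf + 1);
    out->fragment_offset = read_uint24(buf + 6);
    out->fragment_length = read_uint24(buf + 9);
    /* The only trustworthy bound is how many bytes actually arrived, and the
     * fragment must also lie inside the declared message. */
    if (out->fragment_length > buflen - DTLS_HS_HEADER_LEN ||
        out->fragment_offset > out->length ||
        out->fragment_length > out->length - out->fragment_offset)
        return -1;
    out->body = buf + DTLS_HS_HEADER_LEN;
    return 0;
}

/* Certificate body: uint24 list length, then (uint24 length, DER) entries.
 * Copies the first certificate into dst and returns its length, or -1 if a
 * uint24 read or the memcpy would run past the fragment or past dst. */
long first_certificate(const struct hs_fragment *frag, uint8_t *dst, size_t dstlen)
{
    const uint8_t *p = frag->body;
    size_t remaining = frag->fragment_length;

    if (frag->msg_type != HS_TYPE_CERTIFICATE || remaining < 3)
        return -1;                       /* bound check before uint24 read */
    uint32_t list_len = read_uint24(p);
    p += 3; remaining -= 3;
    if (list_len > remaining || list_len < 3)
        return -1;                       /* list must fit inside the fragment */
    uint32_t cert_len = read_uint24(p);
    p += 3;
    if (cert_len > list_len - 3 || cert_len > dstlen)
        return -1;                       /* bound check before memcpy */
    memcpy(dst, p, cert_len);
    return (long)cert_len;
}

/* Pinned-certificate comparison: lengths are compared first so memcmp can
 * never read past the shorter buffer. Returns 1 on match, 0 otherwise. */
int certificate_matches(const uint8_t *cert, size_t cert_len,
                        const uint8_t *pinned, size_t pinned_len)
{
    return cert_len == pinned_len && memcmp(cert, pinned, cert_len) == 0;
}

/* Constructed sample datagrams (not captured traffic). Header fields:
 * type 11, length 10, seq 0, fragment_offset 0, fragment_length as noted. */
static const uint8_t PINNED_CERT[] = { 0x30, 0x02, 0x01, 0x01 };
static const uint8_t GOOD_MSG[] = {          /* fragment_length 10, honest */
    0x0b, 0,0,0x0a, 0,0, 0,0,0, 0,0,0x0a,
    0,0,0x07, 0,0,0x04, 0x30,0x02,0x01,0x01 };
static const uint8_t BAD_FRAGLEN_MSG[] = {   /* fragment_length 0xffffff */
    0x0b, 0,0,0x0a, 0,0, 0,0,0, 0xff,0xff,0xff,
    0,0,0x07, 0,0,0x04, 0x30,0x02,0x01,0x01 };
static const uint8_t BAD_CERTLEN_MSG[] = {   /* inner cert length 32 > list */
    0x0b, 0,0,0x0a, 0,0, 0,0,0, 0,0,0x0a,
    0,0,0x07, 0,0,0x20, 0x30,0x02,0x01,0x01 };

/* 1 if the message parses and matches the pinned cert, 0 if it parses but
 * differs, -1 if any length check rejected it. */
long check_message(const uint8_t *msg, size_t len)
{
    struct hs_fragment frag;
    uint8_t cert[64];
    if (parse_hs_fragment(msg, len, &frag) != 0)
        return -1;
    long n = first_certificate(&frag, cert, sizeof cert);
    if (n < 0)
        return -1;
    return certificate_matches(cert, (size_t)n, PINNED_CERT, sizeof PINNED_CERT);
}

long demo_good(void)        { return check_message(GOOD_MSG, sizeof GOOD_MSG); }
long demo_bad_fraglen(void) { return check_message(BAD_FRAGLEN_MSG, sizeof BAD_FRAGLEN_MSG); }
long demo_bad_certlen(void) { return check_message(BAD_CERTLEN_MSG, sizeof BAD_CERTLEN_MSG); }
```

The two rejected samples show the two layers of the check: the outer fragment_length is bounded by the datagram size before the body is touched at all, and each inner uint24 length is bounded by what remains of the fragment before it drives a memcpy. Without either layer, the oversized value would have been used as a read length against a buffer that is shorter than claimed.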

Meta Information

Published: 2026-06-29
Last Modified: 2026-06-29
Generated: 2026-06-29
AI Q&A: 2026-06-29
EPSS Evaluated: N/A
Links: NVD, EUVD

Affected Vendors & Products

One associated CPE:

Vendor: eclipse
Product: tinydtls
Version / Range: up to b3efd41ad111a4920f599f51ffa4f5e9f1e72221 (exclusive)

Exploitability

CWE-125: The product reads data past the end, or before the beginning, of the intended buffer.

Executive Summary

CVE-2026-9267 is an out-of-bounds read vulnerability in Eclipse tinydtls, specifically in the check_server_certificate() function.

The flaw occurs because the function lacks buffer length validation before the uint24 reads, memcmp, and memcpy operations it performs during DTLS epoch 0.

An unauthenticated attacker can exploit this by crafting a Certificate handshake message with a specially chosen fragment_length value, causing the program to read beyond the valid buffer boundaries.

Impact Analysis

Exploiting this vulnerability can cause a denial of service (DoS) condition, especially on memory-constrained devices.

Since the vulnerability allows out-of-bounds reads, it can lead to crashes or unstable behavior in applications using Eclipse tinydtls.

Mitigation Strategies

To mitigate this vulnerability, update Eclipse tinydtls to a version that includes the fix from commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221, which addresses the out-of-bounds read issue in the check_server_certificate() function.

Until the patch is applied, avoid exposing unpatched endpoints to untrusted peers: the crafted Certificate handshake message is processed during epoch 0, before the peer has been authenticated.
