{"api_version":"1","generated_at":"2026-04-23T01:32:52+00:00","cve":"CVE-2021-38311","urls":{"html":"https://cve.report/CVE-2021-38311","api":"https://cve.report/api/cve/CVE-2021-38311.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-38311","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-38311"},"summary":{"title":"CVE-2021-38311","description":"In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-08-09 22:15:00","updated_at":"2021-08-17 18:36:00"},"problem_types":["CWE-835"],"metrics":[],"references":[{"url":"https://github.com/contiki-os/contiki/issues/2685","name":"https://github.com/contiki-os/contiki/issues/2685","refsource":"MISC","tags":[],"title":"Telnet servers potentially lead to nonterminating acknowledgment loops · Issue #2685 · contiki-os/contiki · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-38311","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38311","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"38311","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"contiki-os","cpe5":"contiki","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-38311","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/contiki-os/contiki/issues/2685","refsource":"MISC","name":"https://github.com/contiki-os/contiki/issues/2685"}]}},"nvd":{"publishedDate":"2021-08-09 22:15:00","lastModifiedDate":"2021-08-17 18:36:00","problem_types":["CWE-835"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:contiki-os:contiki:3.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"38311","Ordinal":"213969","Title":"CVE-2021-38311","CVE":"CVE-2021-38311","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"38311","Ordinal":"1","NoteData":"In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the negotiated options are already disabled, servers still respond to DONT and WONT requests with WONT or DONT commands, which may lead to infinite acknowledgment loops, denial of service, and excessive CPU consumption.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"38311","Ordinal":"2","NoteData":"2021-08-09","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"38311","Ordinal":"3","NoteData":"2021-08-09","Type":"Other","Title":"Modified"}]}}}