NErinola closed this issue 2 years ago
Just to mention: If the vulnerability is about tinydtls, the development is done in the eclipse/tinydtls repository. Check there for the "develop" branch. If you also find a vulnerability there, please follow the guidance in www.eclipse.org - security.
Before you report such a vulnerability, please check if it is already pending:
(Not all bugs are vulnerabilities; especially issues in demo-apps are hardly real vulnerabilities.)
Thanks for the quick response.
Our finding is fixed in the develop branch of eclipse/tinydtls with #115. Therefore we refrain from taking any further steps.
If you currently develop with contiki-ng, maybe you can check if updating tinydtls to the current develop works with it as well.
See Update/test tinydtls to Eclipse/Tinydtls branch "develop".
How can we report a discovered security vulnerability? The security policy on GitHub is empty, so we do not have a contact to report a security vulnerability.
Best regards, Nurullah Erinola