{"id":"CVE-2019-9750","details":"In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a \"4.01 Unauthorized\" response is mishandled. NOTE: the vendor states \"While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite.\"","modified":"2026-04-10T04:23:41.554347Z","published":"2019-03-13T19:29:00.347Z","references":[{"type":"REPORT","url":"https://jira.iotivity.org/browse/IOT-3267"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/iotivity/iotivity","events":[{"introduced":"0"},{"last_affected":"633dc231b8d9967520627528a92506efca7cebcd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.1"}]}}],"versions":["0.9.0","0.9.0-RC1","0.9.1-alpha1","1.3.1","1.3.1-RC1","1.3.1-RC2","1.3.1-RC3","1.3.1-RC4","1.3.1-RC5","1.3.1-RC6","1.3.1-RC7","M1-RC2","Plugfest-1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9750.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}