Buffer Over-Reads in CoAP Library of Arm Mbed OS
CVE-2020-12883

9.1 CRITICAL

Key Information:

Vendor: Arm
Status: Vendor
CVE Published: 18 June 2020

Summary

A vulnerability was identified in the CoAP library of Arm Mbed OS 5.15.3, where buffer over-reads can occur during CoAP packet parsing. The issue lies in the function that parses CoAP options: it does not verify the declared option sizes against the number of bytes remaining in the input packet, so the parser reads past the end of the packet buffer, whether that buffer lives on the heap or on the stack. The bytes read from outside the buffer are then treated as part of the message, which can disclose adjacent memory contents or cause the library to process input the sender never actually supplied. Depending on how the platform lays out and protects memory, the result ranges from a crash of the device (denial of service) to leakage of memory contents to an unauthenticated remote sender, since CoAP is typically exposed directly on the network.
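The bug class the summary describes, as an added example constructed for this page (it is not code from Mbed OS or its CoAP library): a minimal RFC 7252 option walker in the vulnerable shape beside a bounds-checked one. The function names, the two sample packets and the "adjacent memory" bytes that follow the malformed packet are all constructed. The vulnerable walker trusts the option delta/length fields and their extension bytes without comparing them with the bytes remaining in the packet, which is exactly the missing comparison the advisory describes; the hardened walker adds it.

```c
/* Added example (not Mbed OS code): a CoAP option walker written two ways.
 * parse_options_unchecked() mirrors the bug class in the advisory: it trusts
 * the delta/length fields and never compares them with the bytes left in the
 * packet. parse_options_checked() adds the comparisons. RFC 7252 section 3.1. */
#include <stddef.h>
#include <stdint.h>
#define COAP_PAYLOAD_MARKER 0xFF

typedef struct {
    uint32_t number;      /* absolute option number (running sum of deltas) */
    uint32_t length;      /* declared length of the value */
    const uint8_t *value; /* points into the packet buffer */
} coap_option_t;

/* Vulnerable: decode a delta/length nibble plus its 0/1/2 extension bytes
 * without asking whether those extension bytes lie inside the packet. */
static int ext_unchecked(uint8_t nibble, const uint8_t *p, uint32_t *out)
{
    if (nibble < 13)  { *out = nibble; return 0; }
    if (nibble == 13) { *out = 13u + p[0]; return 1; }
    if (nibble == 14) { *out = 269u + (((uint32_t)p[0] << 8) | p[1]); return 2; }
    return -1; /* 15 is reserved outside the 0xFF payload marker */
}
/* Hardened: same decoding, but refuse when fewer than the needed bytes remain. */
static int ext_checked(uint8_t nibble, const uint8_t *p, size_t remaining, uint32_t *out)
{
    int need = nibble < 13 ? 0 : nibble == 13 ? 1 : nibble == 14 ? 2 : -1;
    if (need < 0 || (size_t)need > remaining) return -1;
    return ext_unchecked(nibble, p, out); /* safe: the bytes exist */
}
/* Both parsers return the number of options, or -1 on a malformed packet. */
int parse_options_unchecked(const uint8_t *pkt, size_t pkt_len,
                            coap_option_t *opts, size_t max_opts)
{
    const uint8_t *p = pkt, *end = pkt + pkt_len;
    uint32_t number = 0, delta, len;
    size_t count = 0; int n;
    while (p < end && *p != COAP_PAYLOAD_MARKER) {
        uint8_t hdr = *p++;
        if ((n = ext_unchecked(hdr >> 4, p, &delta)) < 0) return -1;
        p += n;                                /* may already be past end */
        if ((n = ext_unchecked(hdr & 0x0F, p, &len)) < 0) return -1;
        p += n;
        if (count == max_opts) return -1;
        number += delta;
        opts[count++] = (coap_option_t){ number, len, p }; /* value may run past end */
        p += len;
    }
    return (int)count;
}
int parse_options_checked(const uint8_t *pkt, size_t pkt_len,
                          coap_option_t *opts, size_t max_opts)
{
    size_t off = 0, count = 0;
    uint32_t number = 0, delta, len; int n;
    while (off < pkt_len && pkt[off] != COAP_PAYLOAD_MARKER) {
        uint8_t hdr = pkt[off++];
        if ((n = ext_checked(hdr >> 4, pkt + off, pkt_len - off, &delta)) < 0) return -1;
        off += (size_t)n;
        if ((n = ext_checked(hdr & 0x0F, pkt + off, pkt_len - off, &len)) < 0) return -1;
        off += (size_t)n;
        if (count == max_opts || len > pkt_len - off) return -1; /* the check the bug omits */
        number += delta;
        opts[count++] = (coap_option_t){ number, len, pkt + off };
        off += len;
    }
    return (int)count;
}

/* Constructed input: a 6-byte packet whose single Uri-Path option claims a 14-byte
 * value but is followed by only 4 bytes; the rest stands in for adjacent memory. */
static const uint8_t backing[] = {
    0xBD, 0x01,             /* delta 11 (Uri-Path), length nibble 13 + ext byte 1 = 14 */
    't', 'o', 'o', 's',     /* the only value bytes inside the packet (length 6 total) */
    'S','E','C','R','E','T','K','E','Y','B','Y','T','E','S'
};
/* Bytes beyond the packet that the unchecked parser hands to its caller (10). */
long demo_unchecked_over_read(void)
{
    coap_option_t opts[4];
    if (parse_options_unchecked(backing, 6, opts, 4) != 1) return -1;
    return (long)((opts[0].value + opts[0].length) - (backing + 6));
}
/* The hardened parser rejects the same packet (-1) instead of reading past it. */
int demo_checked_result(void)
{
    coap_option_t opts[4];
    return parse_options_checked(backing, 6, opts, 4);
}
/* Well-formed packet (Uri-Path "a", Content-Format 0, payload "hi"): both
 * parsers agree on 2 options, so the check costs nothing on valid input. */
int demo_valid_options(void)
{
    static const uint8_t pkt[] = { 0xB1, 'a', 0x11, 0x00, 0xFF, 'h', 'i' };
    coap_option_t a[4], b[4];
    int na = parse_options_unchecked(pkt, sizeof pkt, a, 4);
    int nb = parse_options_checked(pkt, sizeof pkt, b, 4);
    return (na == nb && b[1].number == 12 && b[1].length == 1) ? nb : -1;
}
```

The malformed packet is deliberately stored inside a larger array so that the example itself stays within bounds; on a device the same walker would return a value pointer spanning whatever sits next to the receive buffer, which is the confidentiality impact the CVSS vector records, and an over-read that runs into unmapped memory faults the parser, which is the availability impact. The hardened walker works in offsets and always compares against `pkt_len - off`, so the remaining-byte count can never underflow and every read of a header nibble, extension byte or option value is preceded by a check.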

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability reserved

  • Vulnerability published: 18 June 2020