Infinite Loop in CoAP Library of Arm Mbed OS 5.15.3
CVE-2020-12885
7.5 HIGH
Summary
An infinite loop vulnerability exists in the CoAP library of Arm Mbed OS 5.15.3, specifically in the sn_coap_parser_options_parse_multiple_options() function. This function parses CoAP packets and, because of a flaw in the loop's exit condition, can enter an endless loop: when the calculated heap memory required to store the parsed options equals zero bytes, the loop never terminates. The result is excessive resource consumption that can degrade performance or cause denial of service.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved