Buffer Over-Read in CoAP Library of Arm Mbed OS
CVE-2020-12886
9.1CRITICAL
What is CVE-2020-12886?
A buffer over-read vulnerability exists in the CoAP library of Arm Mbed OS 5.15.3. The issue arises within the sn_coap_parser_options_parse() function, where the length of the message token is specified in the first byte of a CoAP packet. However, there is no validation of this token length against the actual input buffer, leading to potential memory access outside the designated buffer boundaries. This flaw can result in unexpected behavior or information leaks, highlighting the need for careful input validation to ensure robust security.