Memory Leak Vulnerability in CoAP Library of Arm Mbed OS
CVE-2020-12887

7.5 HIGH

Key Information:

Vendor

Arm

Status
Vendor
CVE Published:
18 June 2020

What is CVE-2020-12887?

A memory leak has been identified in the CoAP library of Arm Mbed OS 5.15.3 when using the mbed-coap library 5.1.5. The vulnerability stems from inadequate overflow detection during the parsing of CoAP packets. Specifically, the function sn_coap_parser_options_parse() does not check whether memory has already been allocated for options such as COAP_OPTION_URI_QUERY and COAP_OPTION_URI_PATH. An attacker can therefore craft a packet in which the same option number is processed repeatedly, so memory is allocated multiple times without corresponding deallocations. The earlier allocations become orphaned, and the resulting leaks diminish system performance and could be targeted for exploitation.
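The flaw described above, next to a hardened form, as an added example that is not mbed-coap source code. It is a simplified model: the types, function names and constructed option list are hypothetical, and it assumes the option number is a 16-bit running sum of per-option deltas.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model written for this example; not mbed-coap source. */
enum { OPT_URI_PATH = 11 };            /* Uri-Path option number in CoAP */
struct opt { uint16_t delta; const char *val; };  /* already-decoded option */
struct msg { char *uri_path; };        /* the model keeps one buffer per option */
static int live_allocs;                /* allocations not yet freed */

static char *dup_val(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}

static void msg_free(struct msg *m) {
    if (m->uri_path) { free(m->uri_path); live_allocs--; }
    m->uri_path = NULL;
}

/* Returns 0 on success, -1 if the packet is rejected or allocation fails.
 * hardened == 0 keeps the flaw: no wrap check, no already-allocated check. */
static int parse_options(const struct opt *o, size_t n, struct msg *m, int hardened) {
    uint16_t number = 0;
    for (size_t i = 0; i < n; i++) {
        if (hardened && o[i].delta > UINT16_MAX - number)
            return -1;                 /* running option number would wrap */
        number = (uint16_t)(number + o[i].delta);
        if (number != OPT_URI_PATH)
            continue;
        if (hardened && m->uri_path)
            return -1;                 /* already allocated: do not overwrite */
        m->uri_path = dup_val(o[i].val);   /* unhardened: old pointer is lost */
        if (!m->uri_path)
            return -1;
    }
    return 0;
}

/* Parses a constructed option list, frees the message, returns orphan count. */
static int orphans_after_parse(int hardened) {
    static const struct opt pkt[] = { {11, "a"}, {65535, ""}, {1, "b"} };
    struct msg m = { NULL };
    live_allocs = 0;
    parse_options(pkt, 3, &m, hardened);
    msg_free(&m);
    return live_allocs;
}

int main(void) { return orphans_after_parse(1); }
```

A real CoAP parser must still accept legitimately repeated Uri-Path segments, which this model does not merge; the point here is only the two missing checks.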


CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
