Vulnerability Details : CVE-2018-12680
The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.
Vulnerability category: Denial of service
Products affected by CVE-2018-12680
- cpe:2.3:a:coapthon_project:coapthon:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:coapthon_project:coapthon:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:coapthon_project:coapthon:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:coapthon_project:coapthon:3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12680
- EPSS score: 0.08% (probability of exploitation activity in the next 30 days)
- Percentile: ~36% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-12680
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-12680
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-12680
- https://github.com/Tanganelli/CoAPthon/issues/135
  Denial of Service vulnerability caused by improper exception handling while parsing of CoAP messages · Issue #135 · Tanganelli/CoAPthon · GitHub (Exploit; Issue Tracking; Third Party Advisory)