Vulnerability Details : CVE-2019-17212
Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated.
Vulnerability category: Memory Corruption
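The parsing pattern the description says was missing, as an added example (not Mbed OS code): an option walker in which every pointer advance is checked against the end of the received buffer before any dereference. The option encoding follows RFC 7252 section 3.1; the names `cursor_t`, `take_u8`, `take_ext` and `coap_walk_options` are hypothetical, and the input is assumed to be the options region that follows the CoAP header and token.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical cursor: every read goes through these helpers, so the
 * position can never be advanced past 'end' and then dereferenced. */
typedef struct { const uint8_t *p; const uint8_t *end; } cursor_t;

static int take_u8(cursor_t *c, uint8_t *out) {
    if (c->p >= c->end) return -1;           /* check BEFORE dereference */
    *out = *c->p++;
    return 0;
}

/* Decode a 4-bit delta/length nibble plus its extended bytes (RFC 7252 3.1). */
static int take_ext(cursor_t *c, uint8_t nibble, uint32_t *out) {
    uint8_t hi, lo;
    if (nibble < 13) { *out = nibble; return 0; }
    if (nibble == 13) {                      /* one extension byte */
        if (take_u8(c, &lo)) return -1;
        *out = 13u + lo;
        return 0;
    }
    if (nibble == 14) {                      /* two extension bytes */
        if (take_u8(c, &hi) || take_u8(c, &lo)) return -1;
        *out = 269u + (((uint32_t)hi << 8) | lo);
        return 0;
    }
    return -1;                               /* 15 is reserved in an option */
}

/* Walk the options region. Returns the option count and stores the last
 * option number, or returns -1 if the input is truncated or malformed. */
int coap_walk_options(const uint8_t *buf, size_t len, uint32_t *last_number) {
    cursor_t c = { buf, buf + len };
    uint32_t delta, optlen, number = 0;
    uint8_t first;
    int count = 0;
    while (c.p < c.end && *c.p != 0xFF) {    /* stop at end or payload marker */
        if (take_u8(&c, &first)) return -1;
        if (take_ext(&c, first >> 4, &delta)) return -1;
        if (take_ext(&c, first & 0x0F, &optlen)) return -1;
        if (optlen > (size_t)(c.end - c.p)) return -1;  /* value must fit */
        c.p += optlen;                       /* safe: bounded by the check above */
        number += delta;
        count++;
    }
    *last_number = number;
    return count;
}
```

A truncated extended field or an option length larger than the remaining bytes is rejected instead of being read past the buffer.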
Products affected by CVE-2019-17212
- cpe:2.3:o:mbed:mbed:5.13.2:*:*:*:*:*:*:*
- cpe:2.3:o:mbed:mbed:5.14.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-17212
- EPSS score: 2.82% (probability of exploitation activity in the next 30 days)
- Percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-17212
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-17212
- The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. Assigned by: nvd@nist.gov (Primary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-17212
- https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L313
  mbed-os/sn_coap_parser.c at d91ed5fa42ea0f32e4422a3c562e7b045a17da40 · ARMmbed/mbed-os · GitHub (Third Party Advisory)
- https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L660
  mbed-os/sn_coap_parser.c at d91ed5fa42ea0f32e4422a3c562e7b045a17da40 · ARMmbed/mbed-os · GitHub (Third Party Advisory)
- https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L331
  mbed-os/sn_coap_parser.c at d91ed5fa42ea0f32e4422a3c562e7b045a17da40 · ARMmbed/mbed-os · GitHub (Third Party Advisory)
- https://github.com/ARMmbed/mbed-os/issues/11803
  memory acess out of range in MbedOS CoAP library parser part · Issue #11803 · ARMmbed/mbed-os · GitHub (Issue Tracking; Third Party Advisory)
- https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L310
  mbed-os/sn_coap_parser.c at d91ed5fa42ea0f32e4422a3c562e7b045a17da40 · ARMmbed/mbed-os · GitHub (Third Party Advisory)
- https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L301
  mbed-os/sn_coap_parser.c at d91ed5fa42ea0f32e4422a3c562e7b045a17da40 · ARMmbed/mbed-os · GitHub (Third Party Advisory)
- https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L257
  mbed-os/sn_coap_parser.c at d91ed5fa42ea0f32e4422a3c562e7b045a17da40 · ARMmbed/mbed-os · GitHub (Third Party Advisory)