CVE-2020-12885
Last modified
CVE-2020-12885 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. EPSS estimates a 1.23% chance of exploitation in the next 30 days.
Description
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Arm | Mbed Os | 5.15.3 |
References
- https://github.com/ARMmbed/mbed-coap/pull/116Third Party Advisory
- https://github.com/ARMmbed/mbed-os/issues/12929Third Party Advisory
- https://github.com/ARMmbed/mbed-coap/pull/116Third Party Advisory
- https://github.com/ARMmbed/mbed-os/issues/12929Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-12885?
How severe is CVE-2020-12885?
How do I fix CVE-2020-12885?
Are you affected by CVE-2020-12885?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST