CVE-2020-12886

Published: Jun 18, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. As a result, memory access outside of the intended boundary of the buffer may occur.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ARMmbed/mbed-os/issues/12948

x_refsource_MISC

https://github.com/ARMmbed/mbed-coap/pull/116

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-12886

Description

Affected Products

References