Mbed Os
CVE-2020-12885
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.
AnalysisAI
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-835. An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption. Affected products include: Arm Mbed Os.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in MBed OS 6.16.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitabl
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. Rated critical severity (CVSS 9.1), this vu
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. Rated critical severity (CVSS 9.1), this vu
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. Rated critical severity (CVSS 9.1), this vu
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. Rated high severity (CVSS 7.5),
Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted s
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today