7.5

CVE-2018-12680

Exploit

EPSS 1.46%
Veröffentlicht 02.04.2019 20:29:00
Zuletzt bearbeitet 21.11.2024 03:45:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Coapthon Project ≫ Coapthon Version3.1

Coapthon Project ≫ Coapthon Version4.0.0

Coapthon Project ≫ Coapthon Version4.0.1

Coapthon Project ≫ Coapthon Version4.0.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.46%	0.702

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/Tanganelli/CoAPthon/issues/135

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-12680

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12680

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12680

EUVD