CVE-2020-12885

EPSS 0.38%
Published 18.06.2020 19:15:10
Last modified 21.11.2024 05:00:29
Source cve@mitre.org
Teams watchlist Login
Open Login

An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Arm ≫ Mbed Os Version5.15.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.38%	0.566

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://github.com/ARMmbed/mbed-coap/pull/116

Third Party Advisory

https://github.com/ARMmbed/mbed-os/issues/12929

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12885

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12885

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12885

EUVD