CVE-2020-12883
https://notcve.org/view.php?id=CVE-2020-12883
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12925 https://github.com/ARMmbed/mbed-os/issues/12926 https://github.com/ARMmbed/mbed-os/issues/12927 • CWE-125: Out-of-bounds Read •
CVE-2020-12884
https://notcve.org/view.php?id=CVE-2020-12884
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12928 • CWE-125: Out-of-bounds Read •
CVE-2020-12885
https://notcve.org/view.php?id=CVE-2020-12885
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12929 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2020-12886
https://notcve.org/view.php?id=CVE-2020-12886
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12948 • CWE-125: Out-of-bounds Read •
CVE-2020-12887
https://notcve.org/view.php?id=CVE-2020-12887
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12930 https://github.com/ARMmbed/mbed-os/issues/12957 https://github.com/mjurczak/mbed-coap/commit/4647a68e364401e81dbd370728127d844f221d93 • CWE-190: Integer Overflow or Wraparound CWE-401: Missing Release of Memory after Effective Lifetime •