CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12884
https://notcve.org/view.php?id=CVE-2020-12884
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12928 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12885
https://notcve.org/view.php?id=CVE-2020-12885
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12929 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12886
https://notcve.org/view.php?id=CVE-2020-12886
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12948 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12887
https://notcve.org/view.php?id=CVE-2020-12887
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. • https://github.com/ARMmbed/mbed-coap/pull/116 https://github.com/ARMmbed/mbed-os/issues/12930 https://github.com/ARMmbed/mbed-os/issues/12957 https://github.com/mjurczak/mbed-coap/commit/4647a68e364401e81dbd370728127d844f221d93 • CWE-190: Integer Overflow or Wraparound CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-10932
https://notcve.org/view.php?id=CVE-2020-10932
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS. Se detectó un problema en Arm Mbed TLS versiones anteriores a 2.16.6 y 2.7.x versiones anteriores a 2.7.15. Un atacante que puede obtener mediciones de canal lateral lo suficientemente precisas que puede recuperar la clave privada ECDSA a largo plazo al (1) reconstruir la coordenada proyectiva del resultado de la multiplicación escalar explotando canales laterales en la conversión a coordenadas afines; (2) usar un ataque descrito por Naccache, Smart y Stern en 2003 para recuperar algunos bits del escalar efímero de esas coordenadas proyectivas por medio de varias mediciones; y (3) usar un ataque de red para llegar desde allí a la clave privada ECDSA a largo plazo utilizada para las firmas. • https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCWN5HIF4CJ2LZTOMEBJ7Q4IMMV7ZU2V https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNOS2IIBH5WNJXZUV546PY7666DE7Y3L https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released https://tls.mbed.org/tech-updates/security-advisories https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advi • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •