CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22905
https://notcve.org/view.php?id=CVE-2024-22905
19 Apr 2024 — Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function. Vulnerabilidad de desbordamiento de búfer en ARM mbed-os v.6.17.0 permite a un atacante remoto ejecutar código arbitrario a través de un script manipulado para la función hciTrSerialRxIncoming. • https://github.com/ARMmbed/mbed-os/blob/7c7d20da6527885237094d9d50ce099404414201/connectivity/FEATURE_BLE/source/cordio/stack_adaptation/hci_tr.c#L125 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12883
https://notcve.org/view.php?id=CVE-2020-12883
18 Jun 2020 — Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. • https://github.com/ARMmbed/mbed-coap/pull/116 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12884
https://notcve.org/view.php?id=CVE-2020-12884
18 Jun 2020 — A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid f... • https://github.com/ARMmbed/mbed-coap/pull/116 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12885
https://notcve.org/view.php?id=CVE-2020-12885
18 Jun 2020 — An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. • https://github.com/ARMmbed/mbed-coap/pull/116 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12886
https://notcve.org/view.php?id=CVE-2020-12886
18 Jun 2020 — A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. • https://github.com/ARMmbed/mbed-coap/pull/116 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12887
https://notcve.org/view.php?id=CVE-2020-12887
18 Jun 2020 — Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. • https://github.com/ARMmbed/mbed-coap/pull/116 • CWE-190: Integer Overflow or Wraparound CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17210
https://notcve.org/view.php?id=CVE-2019-17210
04 Nov 2019 — A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstri... • https://github.com/ARMmbed/mbed-os/issues/11802 • CWE-20: Improper Input Validation •