CVE-2021-41040
https://notcve.org/view.php?id=CVE-2021-41040
In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data. En Eclipse Wakaama, desde su creación hasta el 14-01-2021, el código de análisis sintáctico de CoAP no sanea correctamente los datos recibidos de la red • https://bugs.eclipse.org/bugs/show_bug.cgi?id=577968 https://github.com/eclipse/wakaama/pull/640 • CWE-125: Out-of-bounds Read •
CVE-2019-9004
https://notcve.org/view.php?id=CVE-2019-9004
In Eclipse Wakaama (formerly liblwm2m) 1.0, core/er-coap-13/er-coap-13.c in lwm2mserver in the LWM2M server mishandles invalid options, leading to a memory leak. Processing of a single crafted packet leads to leaking (wasting) 24 bytes of memory. This can lead to termination of the LWM2M server after exhausting all available memory. En Eclipse Wakaama (anteriormente conocido como liblwm2m) 1.0, core/er-coap-13/er-coap-13.c en lwm2mserver en el servidor LWM2M gestiona de manera incorrecta las opciones inválidas, lo que conduce a una fuga de memoria. El procesamiento de un único paquete manipulado conduce al filtrado (gasto) de 24 bytes de memoria. • https://github.com/eclipse/wakaama/issues/425 • CWE-401: Missing Release of Memory after Effective Lifetime •