Sign-up

ID

VAR-201911-0589


CVE

CVE-2019-17210


TITLE

Arm Mbed OS of MQTT library Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-011860

DESCRIPTION

A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on. ARM Mbed OS is a set of open source embedded operating systems dedicated to the Internet of Things by British ARM company. The MQTT library is one of the MQTT (Message Queue Telemetry Transmission Protocol) libraries. An attacker could exploit this vulnerability by changing mqttstring-> lenstring.len to a larger value to cause a denial of service

Trust: 2.7

sources: NVD: CVE-2019-17210 // JVNDB: JVNDB-2019-011860 // CNVD: CNVD-2019-40301 // CNNVD: CNNVD-201911-078

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

category:['other device']sub_category:IoT device with Arm Mbed OS

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2019-40301

AFFECTED PRODUCTS

vendor:armmodel:mbed-mqttscope:eqversion:2017-11-02

Trust: 1.6

vendor:armmodel:mbed-osscope:eqversion: -

Trust: 1.6

vendor:armmodel:mbed mqttscope: - version: -

Trust: 0.8

vendor:armmodel:mbed osscope: - version: -

Trust: 0.8

vendor:armmodel:mbed osscope:eqversion:2017-11-02

Trust: 0.6

sources: CNVD: CNVD-2019-40301 // JVNDB: JVNDB-2019-011860 // CNNVD: CNNVD-201911-078 // NVD: CVE-2019-17210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-17210
value: HIGH

Trust: 1.0

NVD: CVE-2019-17210
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-40301
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-078
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-17210
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-40301
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-17210
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-17210
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-40301 // JVNDB: JVNDB-2019-011860 // CNNVD: CNNVD-201911-078 // NVD: CVE-2019-17210

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2019-011860 // NVD: CVE-2019-17210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-078

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011860

PATCH
title:lose null pointer check in isTopicMatched() inMQTT #11802url:https://github.com/ARMmbed/mbed-os/issues/11802
Trust: 0.8
title:Patch for ARM Mbed OS MQTT library Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/189849
Trust: 0.6
title:ARM Mbed OS MQTT library Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102483
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-40301 // 
            
            
            
            JVNDB: JVNDB-2019-011860 // 
            
            
            
            CNNVD: CNNVD-201911-078

EXTERNAL IDS
db:NVDid:CVE-2019-17210
Trust: 3.1
db:JVNDBid:JVNDB-2019-011860
Trust: 0.8
db:CNVDid:CNVD-2019-40301
Trust: 0.6
db:CNNVDid:CNNVD-201911-078
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2019-40301 // 
            
            
            
            JVNDB: JVNDB-2019-011860 // 
            
            
            
            CNNVD: CNNVD-201911-078 // 
            
            
            
            NVD: CVE-2019-17210

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-17210
Trust: 2.0
url:https://github.com/armmbed/mbed-os/issues/11802
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17210
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2019-40301 // 
            
            
            
            JVNDB: JVNDB-2019-011860 // 
            
            
            
            CNNVD: CNNVD-201911-078 // 
            
            
            
            NVD: CVE-2019-17210

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2019-40301
db:JVNDBid:JVNDB-2019-011860
db:CNNVDid:CNNVD-201911-078
db:NVDid:CVE-2019-17210

LAST UPDATE DATE
2025-01-30T21:12:10.004000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-40301date:2019-11-13T00:00:00
db:JVNDBid:JVNDB-2019-011860date:2019-11-20T00:00:00
db:CNNVDid:CNNVD-201911-078date:2019-11-14T00:00:00
db:NVDid:CVE-2019-17210date:2024-11-21T04:31:51.857

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-40301date:2019-11-13T00:00:00
db:JVNDBid:JVNDB-2019-011860date:2019-11-20T00:00:00
db:CNNVDid:CNNVD-201911-078date:2019-11-04T00:00:00
db:NVDid:CVE-2019-17210date:2019-11-04T20:15:10.027