Details of VAR-201911-0591

ID

VAR-201911-0591

CVE

CVE-2019-17212

TITLE

Arm Mbed OS Vulnerable to out-of-bounds writing

Trust: 0.8

sources: JVNDB: JVNDB-2019-011852

DESCRIPTION

Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated. Arm Mbed OS Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ARM Mbed OS is a set of open source embedded operating system dedicated to the Internet of Things of the British ARM company. CoAP library is one of the Constrained Application Protocol (CoAP) libraries. The vulnerability stems from the fact that when a network system or product performs an operation on memory, the data boundary is not correctly verified, resulting in an incorrect read and write operation to other associated memory locations. Attackers can use this vulnerability to cause buffer overflow or heap overflow. A remote attacker can use the specially crafted file to exploit this vulnerability to execute arbitrary code on the system

Trust: 2.7

sources: NVD: CVE-2019-17212 // JVNDB: JVNDB-2019-011852 // CNVD: CNVD-2020-14204 // CNNVD: CNNVD-201911-197

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-14204

AFFECTED PRODUCTS

vendor:	arm	model:	mbed os	scope:	eq	version:	5.14.0	Trust: 1.4
vendor:	mbed	model:	mbed	scope:	eq	version:	5.13.2	Trust: 1.0
vendor:	mbed	model:	mbed	scope:	eq	version:	5.14.0	Trust: 1.0

sources: CNVD: CNVD-2020-14204 // JVNDB: JVNDB-2019-011852 // NVD: CVE-2019-17212

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-17212
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-17212
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-14204
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201911-197
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2019-17212
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-14204
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-17212
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-17212
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-14204 // JVNDB: JVNDB-2019-011852 // CNNVD: CNNVD-201911-197 // NVD: CVE-2019-17212

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.8
problemtype:	CWE-129	Trust: 1.0

sources: JVNDB: JVNDB-2019-011852 // NVD: CVE-2019-17212

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-197

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-197

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011852

PATCH

title:	mbed-os/features/frameworks/mbed-coap/source/sn_coap_parser.c	url:	https://github.com/ARMmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#L257	Trust: 0.8
title:	memory acess out of range in MbedOS CoAP library parser part #11803	url:	https://github.com/ARMmbed/mbed-os/issues/11803	Trust: 0.8
title:	Patch for ARM Mbed OS CoAP library buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/204643	Trust: 0.6
title:	ARM Mbed OS CoAP library Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102485	Trust: 0.6

sources: CNVD: CNVD-2020-14204 // JVNDB: JVNDB-2019-011852 // CNNVD: CNNVD-201911-197

EXTERNAL IDS

db:	NVD	id:	CVE-2019-17212	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-011852	Trust: 0.8
db:	CNVD	id:	CNVD-2020-14204	Trust: 0.6
db:	CNNVD	id:	CNNVD-201911-197	Trust: 0.6

sources: CNVD: CNVD-2020-14204 // JVNDB: JVNDB-2019-011852 // CNNVD: CNNVD-201911-197 // NVD: CVE-2019-17212

REFERENCES

url:	https://github.com/armmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#l313	Trust: 1.6
url:	https://github.com/armmbed/mbed-os/issues/11803	Trust: 1.6
url:	https://github.com/armmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#l257	Trust: 1.6
url:	https://github.com/armmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#l301	Trust: 1.6
url:	https://github.com/armmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#l331	Trust: 1.6
url:	https://github.com/armmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#l310	Trust: 1.6
url:	https://github.com/armmbed/mbed-os/blob/d91ed5fa42ea0f32e4422a3c562e7b045a17da40/features/frameworks/mbed-coap/source/sn_coap_parser.c#l660	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17212	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17212	Trust: 0.8
url:	https://github.com/armmbed/mbed-os	Trust: 0.6

sources: CNVD: CNVD-2020-14204 // JVNDB: JVNDB-2019-011852 // CNNVD: CNNVD-201911-197 // NVD: CVE-2019-17212

SOURCES

db:	CNVD	id:	CNVD-2020-14204
db:	JVNDB	id:	JVNDB-2019-011852
db:	CNNVD	id:	CNNVD-201911-197
db:	NVD	id:	CVE-2019-17212

LAST UPDATE DATE

2024-11-23T22:44:47.835000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-14204	date:	2020-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-011852	date:	2019-11-19T00:00:00
db:	CNNVD	id:	CNNVD-201911-197	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-17212	date:	2024-11-21T04:31:52.160

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-14204	date:	2020-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-011852	date:	2019-11-19T00:00:00
db:	CNNVD	id:	CNNVD-201911-197	date:	2019-11-05T00:00:00
db:	NVD	id:	CVE-2019-17212	date:	2019-11-05T15:15:12.060