Sign-up

ID

VAR-202006-0090


CVE

CVE-2020-12887


TITLE

Arm mbed-coap Vulnerability in lack of free memory after expiration in library

Trust: 0.8

sources: JVNDB: JVNDB-2020-007002

DESCRIPTION

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. Due to lack of overflow detection, it is possible to craft a packet that wraps the option number around and results in the same option number being processed again in a single packet. Certain options allocate memory by calling a memory allocation function. In the cases of COAP_OPTION_URI_QUERY, COAP_OPTION_URI_PATH, COAP_OPTION_LOCATION_QUERY, and COAP_OPTION_ETAG, there is no check on whether memory has already been allocated, which in conjunction with the option number integer overflow may lead to multiple assignments of allocated memory to a single pointer. This has been demonstrated to lead to memory leak by buffer orphaning. As a result, the memory is never freed. Arm mbed-coap The library contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be put into a state. ARM Mbed OS is a set of open source embedded operating system dedicated to the Internet of Things of the British ARM company. CoAP library is one of the Constrained Application Protocol (CoAP) libraries. An attacker can use this vulnerability to cause a denial of service (memory leak)

Trust: 2.7

sources: NVD: CVE-2020-12887 // JVNDB: JVNDB-2020-007002 // CNVD: CNVD-2021-20270 // CNNVD: CNNVD-202006-1280

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-20270

AFFECTED PRODUCTS

vendor:armmodel:mbed-coapscope:eqversion:5.1.5

Trust: 1.8

vendor:armmodel:mbed osscope:eqversion:5.15.3

Trust: 0.6

sources: CNVD: CNVD-2021-20270 // JVNDB: JVNDB-2020-007002 // NVD: CVE-2020-12887

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12887
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007002
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-20270
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1280
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-12887
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007002
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-20270
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-12887
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007002
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-20270 // JVNDB: JVNDB-2020-007002 // CNNVD: CNNVD-202006-1280 // NVD: CVE-2020-12887

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.8

problemtype:CWE-190

Trust: 1.0

sources: JVNDB: JVNDB-2020-007002 // NVD: CVE-2020-12887

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1280

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1280

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007002

PATCH
title:Bugfix/coap parser mem access bugs #116url:https://github.com/ARMmbed/mbed-coap/pull/116
Trust: 0.8
title:Integer overflow in MbedOS CoAP library parser #12930url:https://github.com/ARMmbed/mbed-os/issues/12930
Trust: 0.8
title:Memory leak in MbedOS CoAP library parser - sn_coap_parser_options_parse() #12957url:https://github.com/ARMmbed/mbed-os/issues/12957
Trust: 0.8
title:Implemented measures to prevent memory leaks in sn_coap_parser_options_parse()url:https://github.com/mjurczak/mbed-coap/commit/4647a68e364401e81dbd370728127d844f221d93
Trust: 0.8
title:Patch for ARM Mbed OS CoAP library input verification error vulnerability (CNVD-2021-20270)url:https://www.cnvd.org.cn/patchInfo/show/253736
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-20270 // 
            
            
            
            JVNDB: JVNDB-2020-007002

EXTERNAL IDS
db:NVDid:CVE-2020-12887
Trust: 3.0
db:JVNDBid:JVNDB-2020-007002
Trust: 0.8
db:CNVDid:CNVD-2021-20270
Trust: 0.6
db:CNNVDid:CNNVD-202006-1280
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2021-20270 // 
            
            
            
            JVNDB: JVNDB-2020-007002 // 
            
            
            
            CNNVD: CNNVD-202006-1280 // 
            
            
            
            NVD: CVE-2020-12887

REFERENCES
url:https://github.com/armmbed/mbed-os/issues/12957
Trust: 1.6
url:https://github.com/armmbed/mbed-os/issues/12930
Trust: 1.6
url:https://github.com/mjurczak/mbed-coap/commit/4647a68e364401e81dbd370728127d844f221d93
Trust: 1.6
url:https://github.com/armmbed/mbed-coap/pull/116
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-12887
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12887
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-007002 // 
            
            
            
            CNNVD: CNNVD-202006-1280 // 
            
            
            
            NVD: CVE-2020-12887

SOURCES
db:CNVDid:CNVD-2021-20270
db:JVNDBid:JVNDB-2020-007002
db:CNNVDid:CNNVD-202006-1280
db:NVDid:CVE-2020-12887

LAST UPDATE DATE
2024-11-23T22:41:05.253000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2021-20270date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2020-007002date:2020-07-29T00:00:00
db:CNNVDid:CNNVD-202006-1280date:2020-07-02T00:00:00
db:NVDid:CVE-2020-12887date:2024-11-21T05:00:29.737

SOURCES RELEASE DATE
db:CNVDid:CNVD-2021-20270date:2021-03-18T00:00:00
db:JVNDBid:JVNDB-2020-007002date:2020-07-29T00:00:00
db:CNNVDid:CNNVD-202006-1280date:2020-06-18T00:00:00
db:NVDid:CVE-2020-12887date:2020-06-18T19:15:11.783