CVE-2020-12887

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-12887
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12887.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-12887
Published
2020-06-18T19:15:11Z
Modified
2024-09-03T03:10:59.280191Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sncoapparseroptionsparse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. Due to lack of overflow detection, it is possible to craft a packet that wraps the option number around and results in the same option number being processed again in a single packet. Certain options allocate memory by calling a memory allocation function. In the cases of COAPOPTIONURIQUERY, COAPOPTIONURIPATH, COAPOPTIONLOCATIONQUERY, and COAPOPTION_ETAG, there is no check on whether memory has already been allocated, which in conjunction with the option number integer overflow may lead to multiple assignments of allocated memory to a single pointer. This has been demonstrated to lead to memory leak by buffer orphaning. As a result, the memory is never freed.

References

Affected packages

Git / github.com/armmbed/mbed-coap

Affected ranges

Type
GIT
Repo
https://github.com/armmbed/mbed-coap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/mjurczak/mbed-coap
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.0.0-yotta2
0.0.0-yotta3
0.0.0-yotta4

1.*

1.11-RC1
1.3.0
1.3.0-GA
1.3.1
1.3.1.1
1.3.2
1.3.3
1.4.0
1.4.0-RC1
1.4.0-RC10
1.4.0-RC11
1.4.0-RC2
1.4.0-RC3
1.4.0-RC4
1.4.0-RC5
1.4.0-RC6
1.4.0-RC7
1.4.0-RC8
1.4.0-RC9
1.4.1-RC1
1.4.1-RC2
1.4.1-RC3
1.4.1-RC4
1.4.1-RC5
1.4.1-RC6
1.5-ap
1.5.0
1.5.0-RC1
1.5.0-RC2
1.5.0-RC3
1.5.0-RC4
1.5.0-RC5
1.5.0-RC6

2.*

2.0-pre1
2.0-release
2.0.0
2.0.0-RC1
2.0.0-RC2
2.0.0-RC3
2.0.0-RC4
2.0.0-RC5
2.0.1
2.0.1-RC1
2.0.1-RC2
2.0.1.1-RC1
2.1
2.1.0
2.1.0-RC1
2.1.0-RC2
2.1.0-RC3
2.1.0-RC4
2.1.0-RC5
2.1.1
2.1.1-RC1
2.1.1-RC2
2.1.1-RC3
2.1.1-RC4
2.2.0
2.2.0-RC1
2.2.0-RC2
2.2.0-RC4
2.2.0-RC5
2.2.0-RC6
2.2.0-RC7
2.2.0-RC8
2.2.1
2.2.1-RC1
2.2.1-delta-RC1
2.3

R1.*

R1.2.4-LA
R1.2.5-LA
R1.2.6-LA
R1.2.6-RC1
R1.2.6-RC10
R1.2.6-RC11
R1.2.6-RC2
R1.2.6-RC3
R1.2.6-RC4
R1.2.6-RC5
R1.2.6-RC6
R1.2.6-RC7
R1.2.6-RC8
R1.2.6-RC9
R1.3.0-LA
R1.3.0-RC1
R1.3.0-RC10
R1.3.0-RC11
R1.3.0-RC12
R1.3.0-RC13
R1.3.0-RC14
R1.3.0-RC15
R1.3.0-RC16
R1.3.0-RC17
R1.3.0-RC18
R1.3.0-RC19
R1.3.0-RC2
R1.3.0-RC20
R1.3.0-RC21
R1.3.0-RC22
R1.3.0-RC3
R1.3.0-RC4
R1.3.0-RC5
R1.3.0-RC6
R1.3.0-RC7
R1.3.0-RC8
R1.3.0-RC9
R1.3.1-RC1
R1.3.1-RC2
R1.3.1-RC3
R1.3.1-RC4
R1.3.1-RC5
R1.3.1-hotfix-RC1
R1.3.1-hotfix-RC2
R1.3.2-RC1
R1.3.2-RC2
R1.3.2-RC3
R1.3.2-RC4
R1.3.2-RC5
R1.3.2-RC6
R1.3.2-RC7
R1.3.2-RC8
R1.3.3-RC1
R1.3.3-RC2
R1.3.3-RC3
R1.3.3-RC4
R1.3.3-RC5

RR1.*

RR1.2.0-EA
RR1.2.0-RC1
RR1.2.0-RC10
RR1.2.0-RC11
RR1.2.0-RC2
RR1.2.0-RC3
RR1.2.0-RC4
RR1.2.0-RC5
RR1.2.0-RC6
RR1.2.0-RC7
RR1.2.0-RC8
RR1.2.0-RC9
RR1.2.1-EA
RR1.2.1-RC1
RR1.2.1-RC2
RR1.2.1-RC3
RR1.2.1-RC4
RR1.2.1-RC5
RR1.2.1-RC6
RR1.2.1-RC7
RR1.2.2-EA
RR1.2.2-RC1
RR1.2.2-RC2
RR1.2.2-RC3
RR1.2.2-RC4
RR1.2.2-RC5
RR1.2.2-RC6
RR1.2.3-RC10
RR1.2.3-RC11
RR1.2.3-RC12
RR1.2.3-RC13
RR1.2.3-RC14
RR1.2.3-RC15
RR1.2.3-RC16
RR1.2.3-RC17
RR1.2.3-RC18
RR1.2.3-RC19
RR1.2.3-RC2
RR1.2.3-RC20
RR1.2.3-RC21
RR1.2.3-RC22
RR1.2.3-RC23
RR1.2.3-RC3
RR1.2.3-RC4
RR1.2.3-RC5
RR1.2.3-RC6
RR1.2.3-RC7
RR1.2.3-RC8
RR1.2.3-RC9
RR1.2.4-RC1
RR1.2.4-RC2
RR1.2.4-RC3
RR1.2.4-RC4
RR1.2.5-RC1
RR1.2.5-RC10
RR1.2.5-RC2
RR1.2.5-RC3
RR1.2.5-RC4
RR1.2.5-RC5
RR1.2.5-RC6
RR1.2.5-RC7
RR1.2.5-RC8
RR1.2.5-RC9

Other

beta-release
mbedos-2016q1-oob1
mbedos-2016q1-oob2
mbedos-2016q1-oob3
mbedos-release-15-11
mbedos-techcon-oob2

edge-R0.*

edge-R0.4.3-RC1

mbed-os-5.*

mbed-os-5.0-rc1

mbedos-16.*

mbedos-16.01-release
mbedos-16.03-release

mcc-3.*

mcc-3.0.0
mcc-3.1.0
mcc-3.1.1
mcc-3.2.0
mcc-3.3.0
mcc-3.4.0

mcc-4.*

mcc-4.0.0
mcc-4.1.0
mcc-4.2.0
mcc-4.2.1
mcc-4.5.0
mcc-4.6.0

pdmc-4.*

pdmc-4.3.0
pdmc-4.4.0

v0.*

v0.0.0-yotta
v0.0.1
v0.0.2
v0.1.10
v0.1.2
v0.1.6
v0.1.7
v0.1.8
v0.1.9

v1.*

v1.0.0
v1.1.1
v1.1.2

v2.*

v2.0.0
v2.1.0
v2.2.0
v2.2.1
v2.2.10
v2.2.11
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.4.0
v2.4.1
v2.5.0
v2.6.0
v2.7.0
v2.7.1
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.8.0
v2.9.0

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3

v4.*

v4.0.0
v4.0.1
v4.0.10
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.0.9
v4.1.0
v4.1.1
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.5.0
v4.5.1
v4.6.0
v4.6.1
v4.6.2
v4.6.3
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.8.0

v5.*

v5.0.0
v5.1.0
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5