Allele Security Alert
ASA-2019-00632
Identifier(s)
ASA-2019-00632, CVE-2019-17211
Title
Memory access out of range in library builder part due to integer overflow
Vendor(s)
Arm Holdings
Product(s)
Arm Mbed OS CoAP
Affected version(s)
Arm Mbed OS version 5.13.2
Fixed version(s)
Unknown
Proof of concept
Unknown
Description
An integer overflow was discovered in the CoAP library in Arm Mbed OS.
Technical details
The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message.
Credits
TheSilentDawn
Reference(s)
memory access out of range in MbedOS CoAP library builder part
https://github.com/ARMmbed/mbed-os/issues/11804
mbed-coap
https://github.com/ARMmbed/mbed-os/tree/master/features/frameworks/mbed-coap
CVE-2019-17211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17211
CVE-2019-17211
https://nvd.nist.gov/vuln/detail/CVE-2019-17211
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: December 4, 2019