Allele Security Alert
Memory access out of range in library builder part due to integer overflow
Arm Mbed OS CoAP
Arm Mbed OS version 5.13.2
Proof of concept
An integer overflow was discovered in the CoAP library in Arm Mbed OS.
The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message.
memory access out of range in MbedOS CoAP library builder part
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: December 4, 2019