ASA-2019-00632 – Arm Mbed OS CoAP: Memory access out of range in library builder part due to integer overflow


Allele Security Alert

ASA-2019-00632

Identifier(s)

ASA-2019-00632, CVE-2019-17211

Title

Memory access out of range in library builder part due to integer overflow

Vendor(s)

Arm Holdings

Product(s)

Arm Mbed OS CoAP

Affected version(s)

Arm Mbed OS version 5.13.2

Fixed version(s)

Unknown

Proof of concept

Unknown

Description

An integer overflow was discovered in the CoAP library in Arm Mbed OS.

Technical details

The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message.

Credits

TheSilentDawn

Reference(s)

memory access out of range in MbedOS CoAP library builder part
https://github.com/ARMmbed/mbed-os/issues/11804

mbed-coap
https://github.com/ARMmbed/mbed-os/tree/master/features/frameworks/mbed-coap

CVE-2019-17211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17211

CVE-2019-17211
https://nvd.nist.gov/vuln/detail/CVE-2019-17211

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: December 4, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.