Allele Security Alert
ASA-2019-00633
Identifier(s)
ASA-2019-00633, CVE-2019-17212
Title
Memory access out of range in library parser part
Vendor(s)
Arm Holdings
Product(s)
Arm Mbed OS CoAP
Affected version(s)
Arm Mbed OS version 5.13.2
Fixed version(s)
Unknown
Proof of concept
Unknown
Description
Buffer overflows were discovered in the CoAP library in Arm Mbed OS.
Technical details
The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated.
Credits
TheSilentDawn
Reference(s)
memory acess out of range in MbedOS CoAP library parser part
https://github.com/ARMmbed/mbed-os/issues/11803
mbed-coap
https://github.com/ARMmbed/mbed-os/tree/master/features/frameworks/mbed-coap
CVE-2019-17212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17212
CVE-2019-17212
https://nvd.nist.gov/vuln/detail/CVE-2019-17212
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: December 10, 2019