ASA-2019-00633 – Arm Mbed OS CoAP: Memory access out of range in library parser part


Allele Security Alert

ASA-2019-00633

Identifier(s)

ASA-2019-00633, CVE-2019-17212

Title

Memory access out of range in library parser part

Vendor(s)

Arm Holdings

Product(s)

Arm Mbed OS CoAP

Affected version(s)

Arm Mbed OS version 5.13.2

Fixed version(s)

Unknown

Proof of concept

Unknown

Description

Buffer overflows were discovered in the CoAP library in Arm Mbed OS.

Technical details

The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the 0xFF delimiter byte. Inside each while loop, the check of the value of *packet_data_pptr is not strictly enforced. More specifically, inside a loop, *packet_data_pptr could be increased and then dereferenced without checking. Moreover, there are many other functions in the format of sn_coap_parser_****() that do not check whether the pointer is within the bounds of the allocated buffer. All of these lead to heap-based or stack-based buffer overflows, depending on how the CoAP packet buffer is allocated.

Credits

TheSilentDawn

Reference(s)

memory acess out of range in MbedOS CoAP library parser part
https://github.com/ARMmbed/mbed-os/issues/11803

mbed-coap
https://github.com/ARMmbed/mbed-os/tree/master/features/frameworks/mbed-coap

CVE-2019-17212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17212

CVE-2019-17212
https://nvd.nist.gov/vuln/detail/CVE-2019-17212

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: December 10, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.