PT-2019-8917 · Coapthon · Coapthon

Published: 2019-04-02 · Updated: 2019-10-03 · CVE-2018-12680

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: CoAPthon versions 3.1, 4.0.0, 4.0.1, 4.0.2

Description: The Serialize.deserialize() method mishandles certain exceptions, so an application that uses this library can be driven into a denial of service by receiving crafted CoAP messages. Affected applications include the standard CoAP server, the CoAP client, the CoAP reverse proxy, and the example collect CoAP server and client.

Recommendations: For CoAPthon versions 3.1, 4.0.0, 4.0.1, and 4.0.2, update to a version that fixes the issue in the Serialize.deserialize() method. As a temporary workaround, consider disabling the Serialize.deserialize() method until a patch is available.
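To make the failure mode concrete, here is an added example (not CoAPthon's code): a minimal RFC 7252 fixed-header and token parser that turns every format violation into one dedicated exception, beside an unguarded receive loop that dies on the first malformed datagram and a guarded loop that drops it and keeps serving. The parser, both loops and the sample datagrams are constructed for this illustration.

```python
import struct

class MessageFormatError(ValueError):
    """A datagram that violates the CoAP message format (RFC 7252)."""

def parse_coap_header(datagram: bytes) -> dict:
    """Parse the fixed header (Ver 2b | T 2b | TKL 4b | Code 8b | Message ID 16b) and the token.
    Every malformed input becomes MessageFormatError instead of a bare IndexError/struct.error."""
    if len(datagram) < 4:
        raise MessageFormatError("shorter than the 4-byte fixed header")
    first, code, msg_id = struct.unpack("!BBH", datagram[:4])
    version, msg_type, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if version != 1:
        raise MessageFormatError(f"unsupported version {version}")
    if tkl > 8:  # TKL 9..15 is reserved; RFC 7252 requires treating it as a format error
        raise MessageFormatError(f"reserved token length {tkl}")
    if len(datagram) < 4 + tkl:
        raise MessageFormatError("truncated inside the token")
    return {"version": version, "type": msg_type, "code": code,
            "message_id": msg_id, "token": datagram[4:4 + tkl]}

def serve_unguarded(datagrams):
    """Failure mode: the first malformed datagram aborts the whole loop."""
    handled = 0
    for dgram in datagrams:
        parse_coap_header(dgram)  # exception escapes and takes the server down
        handled += 1
    return handled

def serve_guarded(datagrams):
    """Hardened loop: malformed datagrams are counted and dropped; service continues."""
    handled = dropped = 0
    for dgram in datagrams:
        try:
            parse_coap_header(dgram)
            handled += 1
        except MessageFormatError:
            dropped += 1  # a real server would log the peer and the reason here
    return handled, dropped

def loop_survives(loop, datagrams):
    """True when `loop` consumes every datagram without an exception escaping."""
    try:
        loop(datagrams)
        return True
    except Exception:
        return False

# Constructed sample traffic: a valid CON GET with a 2-byte token, a datagram with reserved TKL=15, a 1-byte fragment.
SAMPLE = [bytes.fromhex("42011234abcd"), bytes.fromhex("4f010001"), b"\x40"]
```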

Exploit

Fix

Weakness Enumeration

Resource Exhaustion

Deserialization of Untrusted Data

Related Identifiers

CVE-2018-12680
GHSA-5XC6-FPC7-4QVG
PYSEC-2019-165

Affected Products

Coapthon