CVE-2019-17212

Name of the Vulnerable Software and Affected Versions Arm Mbed OS version 5.14.0

Description A buffer overflow issue was discovered in the CoAP library of Arm Mbed OS. The CoAP parser, specifically the function sn coap parser options parse(), is responsible for parsing received CoAP packets. The issue arises from the lack of strict enforcement of the *packet data pptr value within the while loop, allowing it to be increased and then dereferenced without proper bounds checking. This, along with similar issues in other sn coap parser ****() functions, can lead to heap-based or stack-based buffer overflows, depending on the allocation of the CoAP packet buffer.

Recommendations For Arm Mbed OS version 5.14.0, consider disabling the sn coap parser options parse() function until a patch is available to prevent potential buffer overflows. Additionally, restrict the use of other sn coap parser ****() functions that do not properly check the bounds of the allocated buffer to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.