PT-2019-19304 · Eclipse · Eclipse Wakaama
Published: 2019-02-22 · Updated: 2020-08-24 · CVE-2019-9004
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Eclipse Wakaama (formerly liblwm2m) version 1.0
Description
The issue arises from the mishandling of invalid options in the LWM2M server, specifically within the core/er-coap-13/er-coap-13.c file. This mishandling leads to a memory leak, where processing a single crafted packet results in the leakage of 24 bytes of memory. Over time, this can cause the LWM2M server to terminate after all available memory is exhausted.
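The leak pattern described above, as an added example that is not Wakaama's code: a toy option parser that drops the option nodes it has already allocated when it reaches an invalid option, beside the corrected error path that releases them. The node type, pool size, wire format and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical option node (not Wakaama's type); 24 bytes on LP64 targets. */
typedef struct opt_node { struct opt_node *next; uint16_t len; const uint8_t *data; } opt_node_t;
/* Fixed pool standing in for the server heap, so exhaustion is observable. */
#define POOL_NODES 64
static opt_node_t pool[POOL_NODES], *free_head;
static void pool_reset(void) {
    free_head = NULL;
    for (int i = 0; i < POOL_NODES; i++) { pool[i].next = free_head; free_head = &pool[i]; }
}
static opt_node_t *node_alloc(void) {
    opt_node_t *n = free_head;
    if (n) free_head = n->next;
    return n;
}
static void free_opts(opt_node_t *h) {
    while (h) { opt_node_t *nx = h->next; h->next = free_head; free_head = h; h = nx; }
}
/* Constructed toy format: [number][length][value...]; only option 11 is valid. */
static int parse_opts(const uint8_t *buf, size_t n, int free_on_error, opt_node_t **out) {
    opt_node_t *head = NULL;
    for (size_t i = 0; i + 2 <= n; i += 2 + (size_t)buf[i + 1]) {
        if (buf[i] != 11 || i + 2 + buf[i + 1] > n) {
            if (free_on_error) free_opts(head); /* fix: release options parsed so far */
            return -1;                          /* leaky path: head is dropped here */
        }
        opt_node_t *node = node_alloc();
        if (!node) { free_opts(head); return -2; } /* pool exhausted */
        node->len = buf[i + 1]; node->data = buf + i + 2; node->next = head; head = node;
    }
    *out = head;
    return 0;
}

/* Packets handled before the pool runs dry (max_rounds means it never did). */
int packets_until_exhausted(int free_on_error, int max_rounds) {
    static const uint8_t pkt[] = { 11, 1, 'a', 99, 0 }; /* valid option, then invalid */
    opt_node_t *opts = NULL;
    pool_reset();
    for (int r = 0; r < max_rounds; r++) {
        int rc = parse_opts(pkt, sizeof pkt, free_on_error, &opts);
        if (rc == -2) return r;
        if (rc == 0) free_opts(opts);
    }
    return max_rounds;
}

int main(void) { return packets_until_exhausted(1, 1000) == 1000 ? 0 : 1; }
```

With the leaky error path each rejected packet strands one node, so the 64-node pool is empty after 64 packets; with the cleanup in place the same traffic never exhausts it.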
Recommendations
For Eclipse Wakaama (formerly liblwm2m) version 1.0, consider applying a patch or fix that addresses the memory leak issue in the LWM2M server, specifically in the core/er-coap-13/er-coap-13.c file, to prevent memory exhaustion and potential server termination.
Affected Products
Eclipse Wakaama