CVE-2020-12884

Name of the Vulnerable Software and Affected Versions Arm Mbed OS version 5.15.3

Description A buffer over-read was discovered in the CoAP library. The CoAP parser is responsible for parsing received CoAP packets. The function sn coap parser options parse multiple options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet data pptr is accessed after being incremented by option len without a prior out-of-bounds memory check. The temp parsed uri query ptr is validated for a correct range, but the range valid for temp parsed uri query ptr is derived from the amount of allocated heap memory, not the actual input size. Therefore the check of temp parsed uri query ptr may be insufficient for safe access to the area pointed to by packet data pptr. As a result, access to a memory area outside of the intended boundary of the packet buffer is made.

Recommendations As a temporary workaround, consider disabling the sn coap parser options parse multiple options() function until a patch is available. Restrict access to the CoAP library to minimize the risk of exploitation. Avoid using the packet data pptr and temp parsed uri query ptr variables in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.