You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Type: Integer overflow
The CoAP builder is responsible for crafting outgoing CoAP messages. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the needed memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count will wrap around the maximum as shown in line 4. As a result, insufficient buffer is allocated for the corresponding CoAP message.
Description of defect
Reference: https://github.com/ARMmbed/mbed-os/tree/master/features/frameworks/mbed-coap
Function: sn_coap_builder_calc_needed_packet_data_size_2
mbed-os/features/frameworks/mbed-coap/source/sn_coap_builder.c
Line 355 in d0686fd
Type: Integer overflow
The CoAP builder is responsible for crafting outgoing CoAP messages. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the needed memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count will wrap around the maximum as shown in line 4. As a result, insufficient buffer is allocated for the corresponding CoAP message.
In the following, we list other locations which will cause out-of-bound memory accesses rooted in this vulnerability.
mbed-os/features/frameworks/mbed-coap/source/sn_coap_builder.c
Line 1090 in d0686fd
mbed-os/features/frameworks/mbed-coap/source/sn_coap_builder.c
Line 710 in d0686fd
mbed-os/features/frameworks/mbed-coap/source/sn_coap_builder.c
Line 524 in d0686fd
mbed-os/features/frameworks/mbed-coap/source/sn_coap_builder.c
Line 527 in d0686fd
mbed-os/features/frameworks/mbed-coap/source/sn_coap_builder.c
Line 528 in d0686fd
mbed-os/features/frameworks/mbed-coap/source/sn_coap_builder.c
Line 718 in d0686fd
mbed-os/features/frameworks/mbed-coap/source/sn_coap_builder.c
Line 746 in d0686fd
Result: Memory corruption.
Target(s) affected by this defect ?
MbedOS CoAP library
Toolchain(s) (name and version) displaying this defect ?
N/A
What version of Mbed-os are you using (tag or sha) ?
MbedOS 5.13.2
What version(s) of tools are you using. List all that apply (E.g. mbed-cli)
mbed-cli latest version
How is this defect reproduced ?
N/A
The text was updated successfully, but these errors were encountered: