Denial of Service vulnerability caused by improper exception handling while parsing of CoAP messages #16

Open
cve-reporting opened this issue Dec 27, 2018 · 1 comment

@cve-reporting

Multiple sample applications from the CoAPthon3 library are vulnerable to Denial of Service attacks caused by maliciously crafted CoAP messages.
The method Serialize.deserialize() improperly handles multiple exception types, leading to crashes of applications (including standard CoAP server, CoAP client, example collect CoAP server and client).

Example payloads and unhandled exceptions:

  1. File: crash_000_UnicodeDecodeError.raw

Error message:

```
File "CoAPthon3-master/coapthon/serializer.py", line 57, in deserialize
message.token = token_value.decode("utf-8")
File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode
return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xfd in position 2: invalid start byte
```

  2. File: crash_005_UnicodeDecodeError.raw

Error message:

```
File "CoAPthon3-master/coapthon/serializer.py", line 57, in deserialize
message.token = token_value.decode("utf-8")
File "CoAPthon3-master/coapthon/messages/message.py", line 126, in token
value = str(value)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u0740' in position 1: ordinal not in range(128)
```

Proposed CVSS score:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5 - High)

Mitigation:
All exception types should be handled in the main loop of CoAPthon3 applications (including standard CoAP server, CoAP client, example collect CoAP server and client), to provide uninterruptible service.

CoAPthon3_crashes.zip

The issue was reported via email on the 26th of February to the CoAPthon3 developers and registered in the CVE database (the reserved ID is CVE-2018-12679).
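
The mitigation described in the issue, sketched as an added example (not part of the original report and not CoAPthon3 code): a per-datagram try/except keeps the receive loop running, and a stricter parser validates lengths and keeps the token as opaque bytes instead of decoding it as text. The function names and sample datagrams are constructed for illustration, and Python 3 is assumed.

```python
import struct

# Constructed datagrams (not the files from CoAPthon3_crashes.zip).
# CoAP header: version/type/TKL byte, code, 16-bit message ID, then TKL token bytes.
GOOD = bytes([0x44, 0x01, 0x12, 0x34]) + b"tok1"
BAD_TOKEN = bytes([0x43, 0x01, 0x12, 0x35]) + b"\x41\x42\xfd"  # 0xfd is not valid UTF-8
TRUNCATED = bytes([0x48, 0x01])                                 # shorter than the fixed header


def parse_unsafe(datagram):
    """Mirrors the failing pattern in the traceback: token decoded as UTF-8 text."""
    first, code, mid = struct.unpack("!BBH", datagram[:4])
    tkl = first & 0x0F
    token = datagram[4:4 + tkl].decode("utf-8")  # raises UnicodeDecodeError on 0xfd
    return {"mid": mid, "code": code, "token": token}


def parse_strict(datagram):
    """Validates lengths and keeps the token as opaque bytes (RFC 7252)."""
    if len(datagram) < 4:
        raise ValueError("datagram shorter than 4-byte CoAP header")
    first, code, mid = struct.unpack("!BBH", datagram[:4])
    version, tkl = first >> 6, first & 0x0F
    if version != 1:
        raise ValueError("unsupported CoAP version")
    if tkl > 8 or len(datagram) < 4 + tkl:  # token lengths 9-15 are a format error
        raise ValueError("invalid token length")
    return {"mid": mid, "code": code, "token": datagram[4:4 + tkl]}


def serve(datagrams, parser):
    """Receive-loop body: a malformed datagram is dropped and recorded, the loop goes on."""
    handled, dropped = [], []
    for data in datagrams:
        try:
            handled.append(parser(data))
        except Exception as exc:  # no parsing failure may end the service loop
            dropped.append(type(exc).__name__)
    return handled, dropped


if __name__ == "__main__":
    for parser in (parse_unsafe, parse_strict):
        ok, bad = serve([GOOD, BAD_TOKEN, TRUNCATED, GOOD], parser)
        print(parser.__name__, "handled:", len(ok), "dropped:", bad)
```

In a real server the dropped exception names would go to a log or counter so that a burst of malformed datagrams is visible to operators.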

@jakub-botwicz

The following versions are vulnerable to this issue: 1.0, 1.0.1.
