nvd-json-data-feeds/CVE-2020/CVE-2020-128xx/CVE-2020-12883.json

{
  "id": "CVE-2020-12883",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-06-18T19:15:09.893",
  "lastModified": "2024-11-21T05:00:29.127",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors."
    },
    {
      "lang": "es",
      "value": "Se detectaron lecturas excesivas del b\u00fafer en la biblioteca CoAP en Arm Mbed OS versi\u00f3n 5.15.3. El analizador CoAP es responsable de analizar los paquetes CoAP recibidos. La funci\u00f3n sn_coap_parser_options_parse() analiza la entrada CoAP linealmente usando un bucle while. Una vez que se analiza una opci\u00f3n en un bucle, el punto actual (*packet_data_pptr) se incrementa correspondientemente. El puntero es restringido por el tama\u00f1o del b\u00fafer recibido, as\u00ed como por los bytes option delta y option length. La longitud real del paquete de entrada no es comprobada con el n\u00famero de bytes le\u00eddos cuando se procesa la opci\u00f3n delta extendida y la opci\u00f3n longitud extendida. Adem\u00e1s, el c\u00e1lculo de la variable message_left, en el caso de deltas de opci\u00f3n no extendida, es incorrecto e indica que quedan m\u00e1s datos para procesar que los proporcionados en la entrada de la funci\u00f3n. Todo esto conlleva a un acceso de lectura de ubicaci\u00f3n de memoria en la regi\u00f3n heap o stack que est\u00e1 fuera del l\u00edmite previsto del b\u00fafer. Dependiendo de los mecanismos de administraci\u00f3n de memoria espec\u00edficos de la plataforma, puede conllevar al procesamiento de entradas no deseadas o errores de violaci\u00f3n de acceso de la memoria de sistema"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "baseScore": 6.4,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:arm:mbed_os:5.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B314FCEF-12B7-4510-AC5E-12D3574E3E68"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/ARMmbed/mbed-coap/pull/116",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/ARMmbed/mbed-os/issues/12925",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/ARMmbed/mbed-os/issues/12926",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/ARMmbed/mbed-os/issues/12927",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/ARMmbed/mbed-coap/pull/116",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/ARMmbed/mbed-os/issues/12925",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/ARMmbed/mbed-os/issues/12926",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/ARMmbed/mbed-os/issues/12927",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2020-12883",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2020-06-18T19:15:09.893",`
Auto-Update: 2024-11-23T13:07:37.766281+00:00 2024-11-23 13:10:58 +00:00			`"lastModified": "2024-11-21T05:00:29.127",`
			`"vulnStatus": "Modified",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"cveTags": [],`
bootstrap 2023-04-24 12:24:31 +02:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors."
			`},`
			`{`
			`"lang": "es",`
			"value": "Se detectaron lecturas excesivas del b\u00fafer en la biblioteca CoAP en Arm Mbed OS versi\u00f3n 5.15.3. El analizador CoAP es responsable de analizar los paquetes CoAP recibidos. La funci\u00f3n sn_coap_parser_options_parse() analiza la entrada CoAP linealmente usando un bucle while. Una vez que se analiza una opci\u00f3n en un bucle, el punto actual (*packet_data_pptr) se incrementa correspondientemente. El puntero es restringido por el tama\u00f1o del b\u00fafer recibido, as\u00ed como por los bytes option delta y option length. La longitud real del paquete de entrada no es comprobada con el n\u00famero de bytes le\u00eddos cuando se procesa la opci\u00f3n delta extendida y la opci\u00f3n longitud extendida. Adem\u00e1s, el c\u00e1lculo de la variable message_left, en el caso de deltas de opci\u00f3n no extendida, es incorrecto e indica que quedan m\u00e1s datos para procesar que los proporcionados en la entrada de la funci\u00f3n. Todo esto conlleva a un acceso de lectura de ubicaci\u00f3n de memoria en la regi\u00f3n heap o stack que est\u00e1 fuera del l\u00edmite previsto del b\u00fafer. Dependiendo de los mecanismos de administraci\u00f3n de memoria espec\u00edficos de la plataforma, puede conllevar al procesamiento de entradas no deseadas o errores de violaci\u00f3n de acceso de la memoria de sistema"
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",`
Auto-Update: 2024-11-23T13:07:37.766281+00:00 2024-11-23 13:10:58 +00:00			`"baseScore": 9.1,`
			`"baseSeverity": "CRITICAL",`
bootstrap 2023-04-24 12:24:31 +02:00			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-11-23T13:07:37.766281+00:00 2024-11-23 13:10:58 +00:00			`"availabilityImpact": "HIGH"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 5.2`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",`
Auto-Update: 2024-11-23T13:07:37.766281+00:00 2024-11-23 13:10:58 +00:00			`"baseScore": 6.4,`
bootstrap 2023-04-24 12:24:31 +02:00			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "PARTIAL",`
			`"integrityImpact": "NONE",`
Auto-Update: 2024-11-23T13:07:37.766281+00:00 2024-11-23 13:10:58 +00:00			`"availabilityImpact": "PARTIAL"`
bootstrap 2023-04-24 12:24:31 +02:00			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 4.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-125"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:o:arm:mbed_os:5.15.3:::::::*",`
			`"matchCriteriaId": "B314FCEF-12B7-4510-AC5E-12D3574E3E68"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://github.com/ARMmbed/mbed-coap/pull/116",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://github.com/ARMmbed/mbed-os/issues/12925",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://github.com/ARMmbed/mbed-os/issues/12926",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://github.com/ARMmbed/mbed-os/issues/12927",`
			`"source": "cve@mitre.org",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2024-11-23T13:07:37.766281+00:00 2024-11-23 13:10:58 +00:00			`},`
			`{`
			`"url": "https://github.com/ARMmbed/mbed-coap/pull/116",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://github.com/ARMmbed/mbed-os/issues/12925",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://github.com/ARMmbed/mbed-os/issues/12926",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
			`},`
			`{`
			`"url": "https://github.com/ARMmbed/mbed-os/issues/12927",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108",`
			`"tags": [`
			`"Third Party Advisory"`
			`]`
bootstrap 2023-04-24 12:24:31 +02:00			`}`
			`]`
			`}`