CVE-2019-17211

An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message.
Configurations

Configuration 1

cpe:2.3:o:mbed:mbed:5.14.0:*:*:*:*:*:*:*
cpe:2.3:o:mbed:mbed:5.13.2:*:*:*:*:*:*:*

Information

Published : 2019-11-05 04:15

Updated : 2019-11-13 03:25


NVD link : CVE-2019-17211

Mitre link : CVE-2019-17211

Products Affected
No products.
CWE