VYPR
Unrated severity · NVD Advisory · Published Nov 5, 2019 · Updated Aug 5, 2024

CVE-2019-17211

Description

An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Integer overflow in CoAP builder in Arm Mbed OS 5.14.0 leads to buffer under-allocation and out-of-bounds write.

Vulnerability

An integer overflow vulnerability exists in the CoAP library of Arm Mbed OS 5.14.0 in the function sn_coap_builder_calc_needed_packet_data_size_2(). The function calculates the required memory for a CoAP message by adding returned_byte_count and src_coap_msg_ptr->payload_len, both of type uint16_t. When the sum exceeds 65535, an integer wrap occurs, resulting in an underestimated buffer size [1].

Exploitation

An attacker can send a crafted CoAP message with a payload length engineered to trigger the integer overflow. The CoAP builder then allocates an insufficient buffer. When the message is subsequently copied into this undersized buffer, as in functions like sn_coap_builder_options_build_add_one_option, a heap out-of-bounds write occurs [1]. No authentication is required; the attack can be performed over the network by any client delivering a malicious CoAP request.

Impact

Successful exploitation leads to a heap buffer overflow, potentially causing memory corruption, denial of service, or arbitrary code execution within the context of the Mbed OS CoAP stack [1]. The exact impact depends on the surrounding memory layout and system hardening.

Mitigation

As of the publication date (2019-11-05), no official patched version of Mbed OS has been announced. Users are advised to apply upstream fixes once available or consider workarounds such as validating CoAP message sizes before processing [1]. This CVE is not listed in the CISA Known Exploited Vulnerabilities catalog.
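
The uint16_t wrap described above, next to a size check of the kind suggested under Mitigation, as an added C example that is not Mbed OS code. The struct, function names and sample values are simplified, hypothetical stand-ins; only returned_byte_count and payload_len mirror names from the advisory.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, reduced stand-in for the CoAP header struct: only the
 * field named in the advisory is modelled. */
struct coap_msg {
    uint16_t payload_len;
};

/* Vulnerable pattern: header/option bytes and payload length are summed in
 * a uint16_t, so a true total above 65535 is reduced modulo 65536. */
static uint16_t needed_size_wrapping(uint16_t header_bytes,
                                     const struct coap_msg *m)
{
    uint16_t returned_byte_count = header_bytes;
    returned_byte_count += m->payload_len;   /* wraps silently */
    return returned_byte_count;
}

/* Hardened pattern: sum in a wider type and refuse totals that cannot be
 * represented, instead of returning a too-small size to the allocator. */
static bool needed_size_checked(uint16_t header_bytes,
                                const struct coap_msg *m, uint16_t *out)
{
    uint32_t total = (uint32_t)header_bytes + m->payload_len;
    if (total > UINT16_MAX)
        return false;
    *out = (uint16_t)total;
    return true;
}

int main(void)
{
    struct coap_msg m = { .payload_len = 65530 };  /* constructed value */
    uint16_t hdr = 20, size = 0;                   /* constructed value */

    printf("bytes actually needed: %u\n", (unsigned)hdr + m.payload_len);
    printf("wrapping calculation:  %u\n",
           (unsigned)needed_size_wrapping(hdr, &m));
    printf("checked calculation:   %s\n",
           needed_size_checked(hdr, &m, &size) ? "accepted" : "rejected");
    return 0;
}
```

A caller that allocates the wrapping result and then copies the full message writes past the end of the allocation; the checked variant makes the caller handle the oversize case explicitly.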

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Arm/Mbed OS · description
  • Arm/Mbed OS · llm-fuzzy
    Range: = 5.14.0

Patches

0

No patches discovered yet.
