CVE-2019-17212

Vulnerability

A buffer overflow vulnerability exists in the CoAP library of Arm Mbed OS version 5.14.0 [1]. The core issue lies in the function sn_coap_parser_options_parse(), which parses received CoAP packets in a while loop. Within the loop, the pointer *packet_data_pptr is incremented and dereferenced without proper bounds checking against the allocated buffer size. Additionally, several other sn_coap_parser_*() functions lack sufficient boundary validation, leading to heap-based or stack-based buffer overflows depending on how the CoAP packet buffer is allocated [1][2][3][4].

Exploitation

An attacker must be able to send a crafted CoAP packet to a device running the vulnerable library [1]. The malformed packet can contain option length values (e.g., option_len == 13) and other option fields that force the parser's pointer to advance beyond the allocated buffer. No authentication is required, as the vulnerability is triggered during parsing of incoming data [1]. The exact sequence involves crafting a CoAP packet that causes repeated pointer increments and dereferences without exceeding the 0xFF delimiter check, eventually writing or reading beyond the buffer boundaries [1][2][4].

Impact

Successful exploitation results in memory corruption (heap or stack buffer overflow) [1]. The attacker may achieve arbitrary code execution, information disclosure, or denial of service, depending on how the overflow is leveraged. The vulnerability affects all devices using the impacted CoAP library with default buffer allocation [1].

Mitigation

As of the available references, no patched version has been confirmed. The issue was reported in the Mbed OS GitHub repository [1]. Users should monitor the repository for future fixes and consider applying input validation or limiting CoAP packet sizes as a temporary workaround. No known CISA KEV entry exists for this CVE [1].