VYPR

Mbed OS

by Arm

CVEs (11)

  • CVE-2019-17211CriNov 5, 2019
    risk 0.64cvss 9.8epss 0.03

    An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and…

  • CVE-2019-17212CriNov 5, 2019
    risk 0.64cvss 9.8epss 0.03

    Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the…

  • CVE-2019-17210HigNov 4, 2019
    risk 0.49cvss 7.5epss 0.01

    A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(),…

  • CVE-2024-22905HigApr 19, 2024
    risk 0.46cvss 7.0epss 0.00

    Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.

  • CVE-2024-48983HigNov 20, 2024
    risk 0.00cvss 7.5epss 0.00

    An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as…

  • CVE-2021-27435HigMay 3, 2022
    risk 0.00cvss 7.3epss 0.02

    ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

  • CVE-2020-12887HigJun 18, 2020
    risk 0.00cvss 7.5epss 0.02

    Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options…

  • CVE-2020-12886CriJun 18, 2020
    risk 0.00cvss 9.1epss 0.01

    A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in…

  • CVE-2020-12885HigJun 18, 2020
    risk 0.00cvss 7.5epss 0.01

    An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed…

  • CVE-2020-12884CriJun 18, 2020
    risk 0.00cvss 9.1epss 0.01

    A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single…

  • CVE-2020-12883CriJun 18, 2020
    risk 0.00cvss 9.1epss 0.02

    Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the…