Mbed OS

CVEs (14)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2024-48983	Arm Mbed OS	—	0.01	Nov 20, 2024	An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as…
CVE-2024-48986	Arm Mbed OS	—	0.00	Nov 20, 2024	An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking…
CVE-2024-48985	Arm Mbed OS	—	0.00	Nov 20, 2024	An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the…
CVE-2024-48984	Arm Mbed OS	—	0.01	Nov 20, 2024	An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the…
CVE-2024-22905	Arm Mbed OS	—	0.04	Apr 19, 2024	Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.
CVE-2021-27435	Arm Mbed OS	—	0.04	May 3, 2022	ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2020-12883	Arm Mbed OS	—	0.01	Jun 18, 2020	Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the…
CVE-2020-12884	Arm Mbed OS	—	0.01	Jun 18, 2020	A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single…
CVE-2020-12885	Arm Mbed OS	—	0.00	Jun 18, 2020	An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed…
CVE-2020-12886	Arm Mbed OS	—	0.01	Jun 18, 2020	A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in…
CVE-2020-12887	Arm Mbed OS	—	0.01	Jun 18, 2020	Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options…
CVE-2019-17211	Arm Mbed OS	—	0.01	Nov 5, 2019	An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and…
CVE-2019-17212	Arm Mbed OS	—	0.02	Nov 5, 2019	Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the…
CVE-2019-17210	Arm Mbed OS	—	0.00	Nov 4, 2019	A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(),…

CVE-2024-48983Nov 20, 2024
Arm
Mbed OS
risk 0.00cvss —epss 0.01
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as…
CVE-2024-48986Nov 20, 2024
Arm
Mbed OS
risk 0.00cvss —epss 0.00
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking…
CVE-2024-48985Nov 20, 2024
Arm
Mbed OS
risk 0.00cvss —epss 0.00
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the…
CVE-2024-48984Nov 20, 2024
Arm
Mbed OS
risk 0.00cvss —epss 0.01
An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the…
CVE-2024-22905Apr 19, 2024
Arm
Mbed OS
risk 0.00cvss —epss 0.04
Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.
CVE-2021-27435May 3, 2022
Arm
Mbed OS
risk 0.00cvss —epss 0.04
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2020-12883Jun 18, 2020
Arm
Mbed OS
risk 0.00cvss —epss 0.01
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the…
CVE-2020-12884Jun 18, 2020
Arm
Mbed OS
risk 0.00cvss —epss 0.01
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single…
CVE-2020-12885Jun 18, 2020
Arm
Mbed OS
risk 0.00cvss —epss 0.00
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed…
CVE-2020-12886Jun 18, 2020
Arm
Mbed OS
risk 0.00cvss —epss 0.01
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in…
CVE-2020-12887Jun 18, 2020
Arm
Mbed OS
risk 0.00cvss —epss 0.01
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options…
CVE-2019-17211Nov 5, 2019
Arm
Mbed OS
risk 0.00cvss —epss 0.01
An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and…
CVE-2019-17212Nov 5, 2019
Arm
Mbed OS
risk 0.00cvss —epss 0.02
Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the…
CVE-2019-17210Nov 4, 2019
Arm
Mbed OS
risk 0.00cvss —epss 0.00
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(),…