CVE-2020-12885

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
7.8
High
Weakness Type
CWE-835
View all →

Vulnerability Description

An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.

Related Vulnerabilities

CVE-2011-1142

HIGH
CVSS:7.5(High)

Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of serv...

CWE-8352011

CVE-2013-10005

HIGH
CVSS:7.5(High)

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.

CWE-8352013

CVE-2013-3722

HIGH
CVSS:7.5(High)

A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.

CWE-8352013

CVE-2013-7488

HIGH
CVSS:7.5(High)

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.

CWE-8352013

CVE-2016-4970

HIGH
CVSS:7.5(High)

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

CWE-8352016

CVE-2016-5042

HIGH
CVSS:7.5(High)

The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section.

CWE-8352016