An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-05T15:06:40

Updated: 2024-08-05T01:33:17.231Z

Reserved: 2019-10-06T00:00:00

Link: CVE-2019-17211

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-11-05T16:15:10.570

Modified: 2024-11-21T04:31:51.997

Link: CVE-2019-17211

cve-icon Redhat

No data.