CVE-2019-17211

CRITICAL

Arm Mbed OS 5.14.0 - Integer Overflow in CoAP Message Buffer Calculation

Title source: llm

Description

An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. The function sn_coap_builder_calc_needed_packet_data_size_2() is used to calculate the required memory for the CoAP message from the sn_coap_hdr_s data structure. Both returned_byte_count and src_coap_msg_ptr->payload_len are of type uint16_t. When added together, the result returned_byte_count can wrap around the maximum uint16_t value. As a result, insufficient buffer space is allocated for the corresponding CoAP message.

References (8)

Core 8

Core References

Third Party Advisory x_refsource_misc

https://github.com/ARMmbed/mbed-os/blob/d0686fd30b4d3d02efdc7e4d0fbf0dfe173543b6/features/frameworks/mbed-coap/source/sn_coap_builder.c#L355

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/ARMmbed/mbed-os/blob/d0686fd30b4d3d02efdc7e4d0fbf0dfe173543b6/features/frameworks/mbed-coap/source/sn_coap_builder.c#L1090

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/ARMmbed/mbed-os/blob/d0686fd30b4d3d02efdc7e4d0fbf0dfe173543b6/features/frameworks/mbed-coap/source/sn_coap_builder.c#L710

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/ARMmbed/mbed-os/blob/d0686fd30b4d3d02efdc7e4d0fbf0dfe173543b6/features/frameworks/mbed-coap/source/sn_coap_builder.c#L524

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/ARMmbed/mbed-os/blob/d0686fd30b4d3d02efdc7e4d0fbf0dfe173543b6/features/frameworks/mbed-coap/source/sn_coap_builder.c#L527

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/ARMmbed/mbed-os/blob/d0686fd30b4d3d02efdc7e4d0fbf0dfe173543b6/features/frameworks/mbed-coap/source/sn_coap_builder.c#L718

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/ARMmbed/mbed-os/blob/d0686fd30b4d3d02efdc7e4d0fbf0dfe173543b6/features/frameworks/mbed-coap/source/sn_coap_builder.c#L746

View Writeup ZIP pw:eip

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://github.com/ARMmbed/mbed-os/issues/11804

Scores

CVSS v3 9.8

EPSS 0.0257

EPSS Percentile 83.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-190

Status published

Products (2)

mbed/mbed 5.13.2

mbed/mbed 5.14.0

Published Nov 05, 2019

Tracked Since Feb 18, 2026