cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-12883,https://securityvulnerability.io/vulnerability/CVE-2020-12883,Buffer Over-Reads in CoAP Library of Arm Mbed OS,"A vulnerability was identified in the CoAP library of Arm Mbed OS 5.15.3, where buffer over-reads can occur during CoAP packet parsing. The issue arises in the function responsible for parsing options, which fails to properly verify the input packet length against the number of bytes read. This results in access to memory locations either on the heap or stack outside the intended boundary of the buffer, potentially leading to unauthorized memory access or processing of unintended inputs. Depending on the platform's memory management, this flaw could lead to system instability and security breaches.",Arm,Mbed Os,9.1,CRITICAL,0.005570000037550926,false,,false,false,false,,,false,false,,2020-06-18T18:24:59.000Z,0
CVE-2020-12884,https://securityvulnerability.io/vulnerability/CVE-2020-12884,Buffer Over-read Vulnerability in Arm Mbed OS CoAP Library,"A buffer over-read issue exists in the CoAP library of Arm Mbed OS 5.15.3. This vulnerability arises when the CoAP parser processes packets that may contain multiple options. Specifically, the function sn_coap_parser_options_parse_multiple_options() fails to conduct an out-of-bounds check on packet_data_pptr after incrementing it by option_len. While there is a validation check for temp_parsed_uri_query_ptr, it relies on allocated heap memory rather than the actual size of input data. Thus, access can potentially go beyond the intended packet buffer boundary, posing significant security risks.",Arm,Mbed Os,9.1,CRITICAL,0.0023499999660998583,false,,false,false,false,,,false,false,,2020-06-18T18:24:56.000Z,0
CVE-2020-12885,https://securityvulnerability.io/vulnerability/CVE-2020-12885,Infinite Loop in CoAP Library of Arm Mbed OS 5.15.3,"An infinite loop vulnerability exists in the CoAP library of Arm Mbed OS 5.15.3, specifically within the sn_coap_parser_options_parse_multiple_options() function. This function is responsible for parsing CoAP packets and, due to a flaw in the loop's exit condition, can enter an endless loop. This occurs when the calculated heap memory required to store parsed options equates to zero bytes, causing the loop to never terminate. The result is excessive resource consumption that can lead to degraded performance or service denial.",Arm,Mbed Os,7.5,HIGH,0.001449999981559813,false,,false,false,false,,,false,false,,2020-06-18T18:24:53.000Z,0
CVE-2020-12886,https://securityvulnerability.io/vulnerability/CVE-2020-12886,Buffer Over-Read in CoAP Library of Arm Mbed OS,"A buffer over-read vulnerability exists in the CoAP library of Arm Mbed OS 5.15.3. The issue arises within the sn_coap_parser_options_parse() function, where the length of the message token is specified in the first byte of a CoAP packet. However, there is no validation of this token length against the actual input buffer, leading to potential memory access outside the designated buffer boundaries. This flaw can result in unexpected behavior or information leaks, highlighting the need for careful input validation to ensure robust security.",Arm,Mbed Os,9.1,CRITICAL,0.0023499999660998583,false,,false,false,false,,,false,false,,2020-06-18T18:24:51.000Z,0
CVE-2019-17210,https://securityvulnerability.io/vulnerability/CVE-2019-17210,Denial-of-Service Vulnerability in MQTT Library of Arm Mbed OS,"A denial-of-service issue was identified in the MQTT library of Arm Mbed OS version 2017-11-02. The vulnerability arises when the function readMQTTLenString() is utilized to obtain the length and content of the MQTT topic name, where user input can be manipulated to yield larger values than intended. This manipulation leads to unpredictable behavior in the program as the mqttstring->lenstring.data defaults to zero after bypassing crucial validations. Such an incident can result in accessing a memory address that could compromise the functioning of applications relying on the library, particularly on Arm Cortex-M chips.",Arm,"Mbed-MQtt,Mbed-os",7.5,HIGH,0.0012100000167265534,false,,false,false,false,,,false,false,,2019-11-04T19:48:28.000Z,0