CVE-2018-12680

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-12680

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-12680.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-12680

Aliases

Published

2019-04-02T20:29:00Z

Modified

2024-10-12T03:09:43.736154Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.

References

https://github.com/Tanganelli/CoAPthon/issues/135

Affected packages

Git / github.com/tanganelli/coapthon

Affected ranges

Type: GIT
Repo: https://github.com/tanganelli/coapthon
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

034e25932a9b7d0ebafa133ba92038e76ca1ed8e

Last affected

0655a83af932c72c6262047d0f2b12bb914354f2

Last affected

379b5c6fc02ae968851cabfe58b3660cfd8945de

Last affected

71c34bdc3acf699be0dabf93ce3fa6b3ba9de11c

Affected versions

1.*

1.0

2.*

2.0

3.*

3.0

3.1

4.*

4.0.0