GHSA-5xc6-fpc7-4qvg

Source

https://github.com/advisories/GHSA-5xc6-fpc7-4qvg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-5xc6-fpc7-4qvg/GHSA-5xc6-fpc7-4qvg.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-5xc6-fpc7-4qvg

Aliases

Published

2019-04-08T15:19:01Z

Modified

2024-09-13T14:47:33.488890Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

CoAPthon DoS due to Exceptions

Details

The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-400",
        "CWE-502"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:17:34Z"
}

References

Affected packages

PyPI / coapthon

Package

Name: coapthon; View open source insights on deps.dev
Purl: pkg:pypi/coapthon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.0.2

Affected versions

4.*

4.0.0

4.0.1

4.0.2