PYSEC-2019-165

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/coapthon/PYSEC-2019-165.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2019-165

Aliases

CVE-2018-12680
GHSA-5xc6-fpc7-4qvg

Published

2019-04-02T20:29:00Z

Modified

2023-11-01T04:48:54.106400Z

Summary

[none]

Details

The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.

References

https://github.com/Tanganelli/CoAPthon/issues/135
https://github.com/advisories/GHSA-5xc6-fpc7-4qvg

Affected packages

PyPI / coapthon

Package

Name: coapthon; View open source insights on deps.dev
Purl: pkg:pypi/coapthon

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1

Affected versions

4.*

4.0.0

4.0.1

4.0.2