漏洞标题
N/A
漏洞描述信息
在Arm Mbed OS 5.15.3中发现了一篇无限循环。CoAP解析器负责解析接收到的CoAP包。 sn_coap_parser_options_parse_multiple_options()函数在while循环中解析CoAP选项。此循环的退出条件使用先前分配的用于存储多个选项解析结果的堆内存计算。如果输入堆内存计算结果为0字节,循环退出条件永远不会满足,循环不会终止。因此, packets 解析函数永远不会退出,导致资源消耗。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
ARM Mbed OS 安全漏洞
漏洞描述信息
ARM Mbed OS是英国ARM公司的一套专用于物联网的开源嵌入式操作系统。CoAP library是其中的一个约束应用协议(CoAP)库。 ARM Mbed OS 5.15.3版本中的CoAP库解析器存在安全漏洞。攻击者可利用该漏洞造成无限循环。
CVSS信息
N/A
漏洞类别
其他