Tanganelli / CoAPthon3

CoAPthon3 is a porting to python3 of my CoAPthon library. CoAPthon3 is a python3 library to the CoAP protocol compliant with the RFC. Branch is available for the Twisted framework.
MIT License

Denial of Service vulnerability caused by improper exception handling while parsing of CoAP messages #16

Open cve-reporting opened 5 years ago

cve-reporting commented 5 years ago

Multiple sample applications from the CoAPthon3 library are vulnerable to Denial of Service attacks caused by maliciously crafted CoAP messages. Method Serialize.deserialize() improperly handles multiple exception types, leading to crashes of applications (including standard CoAP server, CoAP client, example collect CoAP server and client).

Example payloads and unhandled exceptions:

  1. File: crash_000_UnicodeDecodeError.raw

Error message:

        File "CoAPthon3-master/coapthon/serializer.py", line 57, in deserialize
          message.token = token_value.decode("utf-8")
        File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode
          return codecs.utf_8_decode(input, errors, True)
        UnicodeDecodeError: 'utf8' codec can't decode byte 0xfd in position 2: invalid start byte

  2. File: crash_005_UnicodeDecodeError.raw

Error message:

        File "CoAPthon3-master/coapthon/serializer.py", line 57, in deserialize
          message.token = token_value.decode("utf-8")
        File "CoAPthon3-master/coapthon/messages/message.py", line 126, in token
          value = str(value)
        UnicodeEncodeError: 'ascii' codec can't encode character u'\u0740' in position 1: ordinal not in range(128)

Proposed CVSS score: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5 - High)

Mitigation: All exception types should be handled in the main loop of CoAPthon3 applications (including standard CoAP server, CoAP client, example collect CoAP server and client), to provide uninterruptible service.

CoAPthon3_crashes.zip

Issue was reported via email on 26th of February to CoAPthon3 developers and registered in CVE database (reserved id is: CVE-2018-12679).
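The two tracebacks above share one root cause: the token bytes of a received datagram are decoded as text inside deserialization, so an arbitrary byte sequence on the wire turns into an uncaught `UnicodeDecodeError`/`UnicodeEncodeError` that propagates out of the receive loop. The following is an added illustration of the mitigation the report asks for; it is not CoAPthon3 code and does not use the library's API. It parses only the fixed CoAP header and token (RFC 7252 section 3), keeps the token as opaque bytes, funnels every structural defect into a single `MalformedMessage` exception, and wraps each datagram in its own handler so one bad packet is logged and dropped instead of terminating the service. The sample datagrams are constructed here, not taken from the attached crash files.

```python
"""Hardened CoAP header/token parsing: reject malformed datagrams instead of crashing."""
import struct
from dataclasses import dataclass


class MalformedMessage(Exception):
    """Single exception type for any datagram that cannot be parsed as CoAP."""


@dataclass
class CoapMessage:
    version: int
    mtype: int      # 0=CON, 1=NON, 2=ACK, 3=RST
    code: int
    mid: int
    token: bytes    # kept as bytes: RFC 7252 tokens are opaque, not text


def deserialize(datagram: bytes) -> CoapMessage:
    """Parse the 4-byte fixed header and the token. Every defect becomes
    MalformedMessage, so callers have exactly one exception type to handle."""
    if len(datagram) < 4:
        raise MalformedMessage("datagram shorter than 4-byte header")
    first, code, mid = struct.unpack("!BBH", datagram[:4])
    version = first >> 6
    mtype = (first >> 4) & 0x03
    tkl = first & 0x0F
    if version != 1:
        raise MalformedMessage(f"unsupported version {version}")
    if tkl > 8:
        # 9..15 are reserved; RFC 7252 says to treat them as a message format error
        raise MalformedMessage(f"reserved token length {tkl}")
    token = datagram[4:4 + tkl]
    if len(token) != tkl:
        raise MalformedMessage("truncated token")
    # No .decode() here: the token is never interpreted as text during parsing.
    return CoapMessage(version, mtype, code, mid, token)


def token_as_text(token: bytes) -> str:
    """Decode only for logging/display, and never let decoding errors escape."""
    return token.decode("utf-8", errors="backslashreplace")


def process_datagrams(datagrams):
    """Simulated receive loop. Each datagram is handled in its own try block so a
    single malformed packet cannot take the whole service down.
    Returns (parsed_messages, rejection_reasons)."""
    parsed, rejected = [], []
    for dgram in datagrams:
        try:
            parsed.append(deserialize(dgram))
        except MalformedMessage as exc:
            rejected.append(str(exc))
        except Exception as exc:  # last-resort guard, as the report's mitigation recommends
            rejected.append(f"unexpected {type(exc).__name__}: {exc}")
    return parsed, rejected


# Constructed sample datagrams (hypothetical, not the issue's attachments).
GOOD = bytes([0x42, 0x01, 0x12, 0x34]) + b"ab"          # ver=1, CON, TKL=2, GET, MID=0x1234
BAD_UTF8 = bytes([0x43, 0x01, 0x00, 0x01]) + b"a\xfdz"  # TKL=3, token holds 0xfd (invalid UTF-8 start byte)
BAD_TKL = bytes([0x4F, 0x01, 0x00, 0x02]) + b"x" * 15   # TKL=15 is reserved
SHORT = b"\x40"                                          # truncated header


if __name__ == "__main__":
    ok, bad = process_datagrams([GOOD, BAD_UTF8, BAD_TKL, SHORT])
    for msg in ok:
        print("parsed: mid=%#x token=%s" % (msg.mid, token_as_text(msg.token)))
    for reason in bad:
        print("rejected:", reason)
```

Note that `BAD_UTF8` is a perfectly valid CoAP message once the token is treated as bytes; it only became a crash because the original code tried to turn it into a string at parse time. The two genuinely malformed datagrams are rejected with a reason string and the loop continues.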

jakub-botwicz commented 5 years ago

The following versions are vulnerable to this issue: 1.0, 1.0.1.