Description
The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages.
References
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:coapthon3_project:coapthon3:1.0:*:*:*:*:*:*:*
cpe:2.3:a:coapthon3_project:coapthon3:1.0.1:*:*:*:*:*:*:*
EPSS: 0.00372 (Low)
Percentile: 58%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 7.5
github
almost 7 years ago
CoAPthon3 vulnerable to Deserialization of Untrusted Data