-
-
Save dqp10515/fe80005e2fb58ed8ada178ac017e4ad4 to your computer and use it in GitHub Desktop.
CVE-2024-40493
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Suggested description] | |
Null Pointer Dereference in `coap_client_exchange_blockwise2` function | |
in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial | |
of service and potentially execute arbitrary code via a specially | |
crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return | |
a null pointer, which is then dereferenced in a call to `memcpy`. | |
------------------------------------------ | |
[VulnerabilityType Other] | |
Null Pointer Dereference | |
------------------------------------------ | |
[Vendor of Product] | |
https://github.com/keith-cullen/FreeCoAP | |
------------------------------------------ | |
[Affected Product Code Base] | |
An implementation of a CoAP client, a CoAP server and a HTTP/CoAP proxy with full DTLS support. https://github.com/keith-cullen/FreeCoAP - v0.7 | |
------------------------------------------ | |
[Affected Component] | |
coap_client_exchange_blockwise2 function in coap_client.c | |
memcpy function (issue details can be found in the issue link) (https://github.com/keith-cullen/FreeCoAP/issues/37) | |
------------------------------------------ | |
[Attack Type] | |
Remote | |
------------------------------------------ | |
[Impact Code execution] | |
true | |
------------------------------------------ | |
[Impact Denial of Service] | |
true | |
------------------------------------------ | |
[Attack Vectors] | |
To exploit this vulnerability, an attacker can send a specially crafted CoAP packet to the server, causing the coap_msg_get_payload(resp) function to return a null pointer. This null pointer is then passed to the memcpy function as the source argument, leading to undefined behavior and potential crashes. | |
Detailed steps to reproduce the issue can be found in the Reproduce Info section of the following link: | |
https://github.com/keith-cullen/FreeCoAP/issues/37 | |
------------------------------------------ | |
[Reference] | |
https://github.com/keith-cullen/FreeCoAP/issues/37 | |
------------------------------------------ | |
[Discoverer] | |
wingtecher | |
Use CVE-2024-40493. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment