@dqp10515
Created October 19, 2024 13:15
CVE-2024-40493
[Suggested description]
Null Pointer Dereference in `coap_client_exchange_blockwise2` function
in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial
of service and potentially execute arbitrary code via a specially
crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return
a null pointer, which is then dereferenced in a call to `memcpy`.
------------------------------------------
[VulnerabilityType Other]
Null Pointer Dereference
------------------------------------------
[Vendor of Product]
https://github.com/keith-cullen/FreeCoAP
------------------------------------------
[Affected Product Code Base]
An implementation of a CoAP client, a CoAP server and an HTTP/CoAP proxy with full DTLS support. https://github.com/keith-cullen/FreeCoAP - v0.7
------------------------------------------
[Affected Component]
coap_client_exchange_blockwise2 function in coap_client.c
memcpy function (issue details can be found in the issue link) (https://github.com/keith-cullen/FreeCoAP/issues/37)
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Attack Vectors]
To exploit this vulnerability, an attacker can send a specially crafted CoAP packet to the server, causing the `coap_msg_get_payload(resp)` function to return a null pointer. This null pointer is then passed to the `memcpy` function as the source argument, leading to undefined behavior and potential crashes.
Detailed steps to reproduce the issue can be found in the Reproduce Info section of the following link:
https://github.com/keith-cullen/FreeCoAP/issues/37
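
The unchecked copy described above next to a checked version, as an added C example that is not FreeCoAP's code. `demo_msg_t`, the `demo_*` getters and both `copy_block_*` functions are hypothetical stand-ins, and the destination bounds check goes beyond what this report mentions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a parsed CoAP response; not FreeCoAP's own type. */
typedef struct {
    const char *payload;   /* NULL when the message carried no payload */
    size_t payload_len;
} demo_msg_t;

static const char *demo_get_payload(const demo_msg_t *m) { return m->payload; }
static size_t demo_get_payload_len(const demo_msg_t *m) { return m->payload_len; }

/* Unchecked pattern: the getter's result goes straight into memcpy as the
 * source, so a NULL payload is undefined behavior. Shown for contrast only. */
void copy_block_unchecked(char *body, size_t start, const demo_msg_t *resp)
{
    memcpy(body + start, demo_get_payload(resp), demo_get_payload_len(resp));
}

/* Checked pattern: validate the source pointer, the length and the destination
 * bounds before copying. Returns bytes copied, or -1 to reject the block. */
long copy_block_checked(char *body, size_t body_cap, size_t start,
                        const demo_msg_t *resp)
{
    const char *src = demo_get_payload(resp);
    size_t len = demo_get_payload_len(resp);

    if (src == NULL)                   /* never hand NULL to memcpy */
        return len == 0 ? 0 : -1;      /* NULL with a nonzero length is malformed */
    if (start > body_cap || len > body_cap - start)
        return -1;                     /* block would overrun the body buffer */
    memcpy(body + start, src, len);
    return (long)len;
}

int main(void)
{
    char body[8];
    demo_msg_t no_payload = { NULL, 0 };   /* constructed sample input */
    demo_msg_t block = { "abcd", 4 };      /* constructed sample input */
    long a = copy_block_checked(body, sizeof body, 0, &no_payload);
    long b = copy_block_checked(body, sizeof body, 0, &block);
    printf("%ld %ld\n", a, b);
    return 0;
}
```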
------------------------------------------
[Reference]
https://github.com/keith-cullen/FreeCoAP/issues/37
------------------------------------------
[Discoverer]
wingtecher
Use CVE-2024-40493.