Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4YzYtZnBjNy00cXZn
CoAPthon DoS due to Exceptions
The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4YzYtZnBjNy00cXZn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Percentage: 0.00096
EPSS Percentile: 0.415
Identifiers: GHSA-5xc6-fpc7-4qvg, CVE-2018-12680
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-12680
- https://github.com/Tanganelli/CoAPthon/issues/135
- https://github.com/advisories/GHSA-5xc6-fpc7-4qvg
- https://github.com/pypa/advisory-database/tree/main/vulns/coapthon/PYSEC-2019-165.yaml
Blast Radius: 3.6
Affected Packages
pypi:CoAPthon
Dependent packages: 0Dependent repositories: 3
Downloads: 259 last month
Affected Version Ranges: <= 4.0.2
No known fixed version
All affected versions: 4.0.0, 4.0.1, 4.0.2