Denial of Service vulnerability caused by improper exception handling while parsing of CoAP messages

Question

Denial of Service vulnerability caused by improper exception handling while parsing of CoAP messages

cve-reporting opened this issue 6 years ago · 1 comments

Multiple sample applications from CoAPthon3 library are vulnerable to Denial of Service attacks caused by maliciously crafted CoAP messages.
Method Serialize.deserialize() improperly handle multiple exception types leading to crash of applications (including standard CoAP server, CoAP client, example collect CoAP server and client).

Example payloads and unhandled exceptions:

File: crash_000_UnicodeDecodeError.raw

Error message:
File "CoAPthon3-master/coapthon/serializer.py", line 57, in deserialize
message.token = token_value.decode("utf-8")
File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode
return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode byte 0xfd in position 2: invalid start byte

File: crash_005_UnicodeDecodeError.raw

Error message:
File "CoAPthon3-master/coapthon/serializer.py", line 57, in deserialize
message.token = token_value.decode("utf-8")
File "CoAPthon3-master/coapthon/messages/message.py", line 126, in token
value = str(value)
UnicodeEncodeError: 'ascii' codec can't encode character u'\u0740' in position 1: ordinal not in range(128)

Proposed CVSS score:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (7.5 - High)

Mitigation:
All exception types should be handled in the main loop of CoAPthon3 applications (including standard CoAP server, CoAP client, example collect CoAP server and client), to provide uninterruptible service.

CoAPthon3_crashes.zip

Issue was reported via email on 26th of February to CoAPthon3 developers and registered in CVE database (reserved id is: CVE-2018-12679).

Answer 1 · 2019-04-02T16:09:50.000Z

Following versions are vulnerable to this issue: 1.0, 1.0.1.