CVE-2018-12679

The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
coapthon3_projectcoapthon3
1.0
coapthon3_projectcoapthon3
1.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Tanganelli/CoAPthon3/issues/16
https://github.com/Tanganelli/CoAPthon3/issues/16