CVE-2018-12680

EUVD-2019-0028
The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
coapthon_projectcoapthon
3.1
coapthon_projectcoapthon
4.0.0
coapthon_projectcoapthon
4.0.1
coapthon_projectcoapthon
4.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Tanganelli/CoAPthon/issues/135
https://github.com/Tanganelli/CoAPthon/issues/135