CVE-2018-12680

The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
coapthon_projectcoapthon
3.1
coapthon_projectcoapthon
4.0.0
coapthon_projectcoapthon
4.0.1
coapthon_projectcoapthon
4.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Tanganelli/CoAPthon/issues/135
https://github.com/Tanganelli/CoAPthon/issues/135