Home > Vulnerability Database > CVE-2018-12680

Mend.io Vulnerability Database

CVE-2018-12680

Good to know:

Date: April 2, 2019

The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.

Language: Python

Severity Score

7.5

Related Resources (6)

Url: https://github.com/advisories/GHSA-5xc6-fpc7-4qvg

Url: https://github.com/Tanganelli/CoAPthon/issues/135

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-12680

Url: https://github.com/Tanganelli/CoAPthon

Url: https://github.com/pypa/advisory-database/tree/main/vulns/coapthon/PYSEC-2019-165.yaml

Url: https://www.mend.io/vulnerability-database/CVE-2018-12680

Severity Score

7.5

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Improper Input Validation

CWE-20

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-12680

Good to know:

Date: April 2, 2019

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?