CVE-2018-12680 — CoAPthon DoS due to Exceptions

Description

The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, CoAP reverse proxy, example collect CoAP server and client) when they receive crafted CoAP messages.

How to fix CVE-2018-12680

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed
—no fix listed

Is CVE-2018-12680 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, <= 4.0.2
>= 3.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYgithub.com/advisories/GHSA-5xc6-fpc7-4qvg
ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-12680
PATCHgithub.com/Tanganelli/CoAPthon
WEBgithub.com/pypa/advisory-database/tree/main/vulns/coapthon/PYSEC-2019-165.yaml
WEB