Unrated severity · OSV Advisory · Published Dec 31, 2025 · Updated Mar 23, 2026
libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE
CVE-2025-34468
Description
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
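The bug class described above, shown from the defensive side as an added example (this is not libcoap's code or the fix in commit 30db3ea). The type `host_str_t` and the functions `copy_hostname_checked` and `accepts_name_of_length` are hypothetical names, and the sample hostnames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HOST_BUF_SIZE 256 /* buffer size stated in the advisory */

/* Hypothetical length-delimited string, as a proxy would receive a hostname
 * from a request: not NUL-terminated, length chosen by the peer. */
typedef struct {
  size_t length;
  const uint8_t *s;
} host_str_t;

/* Unsafe pattern of the kind the advisory describes (comment only):
 *   char buf[HOST_BUF_SIZE];
 *   memcpy(buf, host->s, host->length);   length never compared to 256
 *   buf[host->length] = '\0';
 */

/* Bounded copy. Returns 0 on success, -1 if the name is rejected. */
int copy_hostname_checked(const host_str_t *host, char *out, size_t out_size) {
  if (host == NULL || host->s == NULL || out == NULL || out_size == 0)
    return -1;
  /* Reserve one byte for the terminator; reject rather than truncate so a
   * long name never resolves to a different host than the one requested. */
  if (host->length == 0 || host->length >= out_size)
    return -1;
  /* An embedded NUL would make the resolver see a shorter name. */
  if (memchr(host->s, '\0', host->length) != NULL)
    return -1;
  memcpy(out, host->s, host->length);
  out[host->length] = '\0';
  return 0;
}

/* Constructed sample input: returns 1 if a name of n 'a' bytes is accepted. */
int accepts_name_of_length(size_t n) {
  static uint8_t name[1024];
  char buf[HOST_BUF_SIZE];
  host_str_t h;
  if (n > sizeof(name)) return 0;
  memset(name, 'a', n);
  h.length = n;
  h.s = name;
  if (copy_hostname_checked(&h, buf, sizeof(buf)) != 0) return 0;
  return strlen(buf) == n;
}
```

Building the real application with `-fstack-protector-strong` and `-D_FORTIFY_SOURCE=2` turns an overflow of this kind into an abort rather than silent corruption, which matches the advisory's note that impact depends on compiler options and runtime protections.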
Affected products: 1
Patches: 0
No patches discovered yet.
References: 4
- github.com/obgm/libcoap/commit/30db3ea (mitre, patch)
- www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce (mitre, third-party-advisory)
- github.com/obgm/libcoap/pull/1737 (mitre, issue-tracking)
- libcoap.net (mitre, product)