Unrated severity · OSV Advisory · Published Dec 31, 2025 · Updated Mar 23, 2026
libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE
CVE-2025-34468
Description
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
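A bounds-checked hostname copy into a 256-byte stack buffer, as an added illustration of the missing check described above. This is not libcoap's code or the fix in commit 30db3ea; `host_str_t`, `copy_hostname_checked` and `resolve_stub` are hypothetical names, and the embedded-NUL rejection is an extra assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_BUF_SIZE 256 /* fixed stack buffer size named in the advisory */

/* Hypothetical length-delimited string: the hostname arrives with an
 * attacker-controlled length and no NUL terminator. */
typedef struct {
  size_t length;
  const unsigned char *s;
} host_str_t;

/*
 * Copy a hostname into dst (capacity dst_size) and NUL-terminate it.
 * Returns 0 on success, -1 if the input is empty, does not fit together
 * with its terminator, or contains an embedded NUL (assumption of this
 * example). Omitting the length comparison below is the class of bug the
 * advisory describes.
 */
int copy_hostname_checked(char *dst, size_t dst_size, const host_str_t *host) {
  if (dst == NULL || dst_size == 0 || host == NULL || host->s == NULL)
    return -1;
  if (host->length == 0 || host->length >= dst_size)
    return -1; /* reject rather than truncate: a cut name is a different host */
  if (memchr(host->s, '\0', host->length) != NULL)
    return -1;
  memcpy(dst, host->s, host->length);
  dst[host->length] = '\0';
  return 0;
}

/* Stand-in for a resolver entry point: accepted length, or -1 if rejected. */
int resolve_stub(const host_str_t *host) {
  char addrstr[HOST_BUF_SIZE];
  if (copy_hostname_checked(addrstr, sizeof(addrstr), host) != 0)
    return -1;
  return (int)strlen(addrstr);
}

int main(void) {
  unsigned char big[300]; /* constructed oversized hostname */
  memset(big, 'a', sizeof(big));
  host_str_t ok = { 11, (const unsigned char *)"example.com" };
  host_str_t too_long = { sizeof(big), big };
  printf("ok=%d too_long=%d\n", resolve_stub(&ok), resolve_stub(&too_long));
  return 0;
}
```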
References
- github.com/obgm/libcoap/commit/30db3ea (mitre, patch)
- www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce (mitre, third-party-advisory)
- github.com/obgm/libcoap/pull/1737 (mitre, issue-tracking)
- libcoap.net (mitre, product)