rpm package: opensuse/libcoap (distro: openSUSE Tumbleweed)
pkg:rpm/opensuse/libcoap&distro=openSUSE%20Tumbleweed
Vulnerabilities (10)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-29013 | Critical | 9.8 | | < 4.3.5b-1.1 | 4.3.5b-1.1 | Apr 17, 2026 | libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP |
| CVE-2025-65501 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. |
| CVE-2025-65500 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. |
| CVE-2025-65499 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1. |
| CVE-2025-65498 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. |
| CVE-2025-65497 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. |
| CVE-2025-65496 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. |
| CVE-2025-65495 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter. |
| CVE-2025-65494 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL. |
| CVE-2025-65493 | — | | | < 4.3.5a-1.1 | 4.3.5a-1.1 | Nov 24, 2025 | NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. |