VYPR

rpm package

opensuse/libcoap&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libcoap&distro=openSUSE%20Tumbleweed

Vulnerabilities (10)

  • CVE-2026-29013 (Cri, Apr 17, 2026)
    affected < 4.3.5b-1.1, fixed 4.3.5b-1.1

    libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP

  • CVE-2025-65501 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.

  • CVE-2025-65500 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

  • CVE-2025-65499 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.

  • CVE-2025-65498 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

  • CVE-2025-65497 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

  • CVE-2025-65496 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

  • CVE-2025-65495 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.

  • CVE-2025-65494 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.

  • CVE-2025-65493 (Nov 24, 2025)
    affected < 4.3.5a-1.1, fixed 4.3.5a-1.1

    NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.