Libcoap
by Obgm
Source repositories
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-50518 | Cri | 0.64 | 9.8 | 0.00 | Aug 14, 2025 | A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing… | ||
| CVE-2026-29013 | Cri | 0.57 | 9.8 | 0.00 | Apr 17, 2026 | libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted… | ||
| CVE-2024-46304 | Hig | 0.49 | 7.5 | 0.01 | Oct 9, 2024 | A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c. | ||
| CVE-2023-51847 | Hig | 0.49 | 7.5 | 0.01 | Jun 6, 2024 | An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component. | ||
| CVE-2025-34468 | 0.00 | — | 0.01 | Dec 31, 2025 | libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a… | |||
| CVE-2025-59391 | 0.00 | — | 0.00 | Dec 8, 2025 | A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the… | |||
| CVE-2025-65498 | 0.00 | — | 0.00 | Nov 24, 2025 | NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | |||
| CVE-2025-65499 | 0.00 | — | 0.00 | Nov 24, 2025 | Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1. | |||
| CVE-2025-65501 | 0.00 | — | 0.00 | Nov 24, 2025 | Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. | |||
| CVE-2025-65493 | 0.00 | — | 0.00 | Nov 24, 2025 | NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. | |||
| CVE-2025-65497 | 0.00 | — | 0.00 | Nov 24, 2025 | NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | |||
| CVE-2025-65496 | 0.00 | — | 0.00 | Nov 24, 2025 | NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | |||
| CVE-2025-65500 | 0.00 | — | 0.00 | Nov 24, 2025 | NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | |||
| CVE-2025-65495 | 0.00 | — | 0.00 | Nov 24, 2025 | Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter. | |||
| CVE-2025-65494 | 0.00 | — | 0.00 | Nov 24, 2025 | NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL. | |||
| CVE-2024-31031 | 0.00 | — | 0.01 | Apr 17, 2024 | An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. | |||
| CVE-2024-0962 | 0.00 | — | 0.01 | Jan 27, 2024 | A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may… | |||
| CVE-2023-30362 | 0.00 | — | 0.01 | Jun 23, 2023 | Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. | |||
| CVE-2023-35862 | 0.00 | — | 0.01 | Jun 19, 2023 | libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. |
- risk 0.64cvss 9.8epss 0.00
A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing…
- risk 0.57cvss 9.8epss 0.00
libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted…
- risk 0.49cvss 7.5epss 0.01
A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.
- risk 0.49cvss 7.5epss 0.01
An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component.
- CVE-2025-34468Dec 31, 2025risk 0.00cvss —epss 0.01
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a…
- CVE-2025-59391Dec 8, 2025risk 0.00cvss —epss 0.00
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the…
- CVE-2025-65498Nov 24, 2025risk 0.00cvss —epss 0.00
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
- CVE-2025-65499Nov 24, 2025risk 0.00cvss —epss 0.00
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
- CVE-2025-65501Nov 24, 2025risk 0.00cvss —epss 0.00
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
- CVE-2025-65493Nov 24, 2025risk 0.00cvss —epss 0.00
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
- CVE-2025-65497Nov 24, 2025risk 0.00cvss —epss 0.00
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
- CVE-2025-65496Nov 24, 2025risk 0.00cvss —epss 0.00
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
- CVE-2025-65500Nov 24, 2025risk 0.00cvss —epss 0.00
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
- CVE-2025-65495Nov 24, 2025risk 0.00cvss —epss 0.00
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
- CVE-2025-65494Nov 24, 2025risk 0.00cvss —epss 0.00
NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
- CVE-2024-31031Apr 17, 2024risk 0.00cvss —epss 0.01
An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow.
- CVE-2024-0962Jan 27, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may…
- CVE-2023-30362Jun 23, 2023risk 0.00cvss —epss 0.01
Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.
- CVE-2023-35862Jun 19, 2023risk 0.00cvss —epss 0.01
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.