VYPR
Vendor

Obgm

Products
1
CVEs
19
Across products
19
Status
Private

Products

1

Recent CVEs

19
  • CVE-2025-50518CriAug 14, 2025
    risk 0.64cvss 9.8epss 0.00

    A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing…

  • CVE-2026-29013CriApr 17, 2026
    risk 0.57cvss 9.8epss 0.00

    libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted…

  • CVE-2024-46304HigOct 9, 2024
    risk 0.49cvss 7.5epss 0.01

    A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.

  • CVE-2023-51847HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component.

  • CVE-2025-34468Dec 31, 2025
    risk 0.00cvss epss 0.01

    libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a…

  • CVE-2025-59391Dec 8, 2025
    risk 0.00cvss epss 0.00

    A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the…

  • CVE-2025-65493Nov 24, 2025
    risk 0.00cvss epss 0.00

    NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.

  • CVE-2025-65497Nov 24, 2025
    risk 0.00cvss epss 0.00

    NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

  • CVE-2025-65495Nov 24, 2025
    risk 0.00cvss epss 0.00

    Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.

  • CVE-2025-65501Nov 24, 2025
    risk 0.00cvss epss 0.00

    Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.

  • CVE-2025-65496Nov 24, 2025
    risk 0.00cvss epss 0.00

    NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

  • CVE-2025-65500Nov 24, 2025
    risk 0.00cvss epss 0.00

    NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

  • CVE-2025-65494Nov 24, 2025
    risk 0.00cvss epss 0.00

    NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.

  • CVE-2025-65498Nov 24, 2025
    risk 0.00cvss epss 0.00

    NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

  • CVE-2025-65499Nov 24, 2025
    risk 0.00cvss epss 0.00

    Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.

  • CVE-2024-31031Apr 17, 2024
    risk 0.00cvss epss 0.01

    An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow.

  • CVE-2024-0962Jan 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may…

  • CVE-2023-30362Jun 23, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.

  • CVE-2023-35862Jun 19, 2023
    risk 0.00cvss epss 0.01

    libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.