Search
Search Results (16 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65493 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 7.5 High |
| NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. | ||||
| CVE-2025-65494 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 7.5 High |
| NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL. | ||||
| CVE-2025-65495 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 7.5 High |
| Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter. | ||||
| CVE-2025-65496 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 4.3 Medium |
| NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | ||||
| CVE-2025-65497 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 4.3 Medium |
| NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | ||||
| CVE-2025-65498 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 4.3 Medium |
| NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | ||||
| CVE-2025-65499 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 4.3 Medium |
| Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1. | ||||
| CVE-2025-65500 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 4.3 Medium |
| NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. | ||||
| CVE-2025-65501 | 1 Libcoap | 1 Libcoap | 2025-12-01 | 4.3 Medium |
| Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. | ||||
| CVE-2024-31031 | 2 Fedoraproject, Libcoap | 2 Fedora, Libcoap | 2025-11-04 | 7.5 High |
| An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. | ||||
| CVE-2025-50518 | 1 Libcoap | 1 Libcoap | 2025-09-11 | 9.8 Critical |
| A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly. | ||||
| CVE-2024-0962 | 1 Libcoap | 1 Libcoap | 2025-06-17 | 6.3 Medium |
| A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-51847 | 1 Libcoap | 1 Libcoap | 2025-02-13 | 7.5 High |
| An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component. | ||||
| CVE-2023-35862 | 1 Libcoap | 1 Libcoap | 2024-12-11 | 6.5 Medium |
| libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. | ||||
| CVE-2023-30362 | 1 Libcoap | 1 Libcoap | 2024-12-05 | 7.5 High |
| Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. | ||||
| CVE-2024-46304 | 1 Libcoap | 1 Libcoap | 2024-10-10 | 7.5 High |
| A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c. | ||||
Page 1 of 1.