CVE-2024-0962 - OpenCVE

A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libcoap	Libcoap

Configuration 1 [-]

cpe:2.3:a:libcoap:libcoap:4.3.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/obgm/libcoap/issues/1310
https://github.com/obgm/libcoap/issues/1310#issue-2099860835
https://github.com/obgm/libcoap/pull/1311
https://vuldb.com/?ctiid.252206
https://vuldb.com/?id.252206

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-01-27T12:31:04.433Z

Updated: 2024-08-01T18:26:28.970Z

Reserved: 2024-01-26T17:29:36.501Z

Link: CVE-2024-0962

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-27T13:15:07.973

Modified: 2024-05-17T02:35:06.620

Link: CVE-2024-0962

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0962", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-26T17:29:36.501Z", "datePublished": "2024-01-27T12:31:04.433Z", "dateUpdated": "2024-08-01T18:26:28.970Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-01-27T12:31:04.433Z"}, "title": "obgm libcoap Configuration File coap_oscore.c get_split_entry stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "affected": [{"vendor": "obgm", "product": "libcoap", "versions": [{"version": "4.3.4", "status": "affected"}], "modules": ["Configuration File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in obgm libcoap 4.3.4 ausgemacht. Es geht hierbei um die Funktion get_split_entry der Datei src/coap_oscore.c der Komponente Configuration File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2024-01-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-26T18:34:52.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "MSXF (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.252206", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.252206", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/obgm/libcoap/issues/1310", "tags": ["issue-tracking"]}, {"url": "https://github.com/obgm/libcoap/issues/1310#issue-2099860835", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/obgm/libcoap/pull/1311", "tags": ["issue-tracking", "patch"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:28.970Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.252206", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.252206", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/obgm/libcoap/issues/1310", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://github.com/obgm/libcoap/issues/1310#issue-2099860835", "tags": ["exploit", "issue-tracking", "x_transferred"]}, {"url": "https://github.com/obgm/libcoap/pull/1311", "tags": ["issue-tracking", "patch", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libcoap:libcoap:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6015782B-1A2E-4F55-BA3F-D40FDAFAD2CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en obgm libcoap 4.3.4. Ha sido calificada como cr\u00edtica. La funci\u00f3n get_split_entry del archivo src/coap_oscore.c del componente Configuration File Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. Se recomienda aplicar un parche para solucionar este problema. VDB-252206 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2024-0962", "lastModified": "2024-05-17T02:35:06.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-01-27T13:15:07.973", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/obgm/libcoap/issues/1310"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/obgm/libcoap/issues/1310#issue-2099860835"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/obgm/libcoap/pull/1311"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.252206"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.252206"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Secondary"}]}