Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Libcoap Subscribe
Filtered by product Libcoap
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-65493 1 Libcoap 1 Libcoap 2025-12-01 N/A 7.5 HIGH
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
CVE-2025-65494 1 Libcoap 1 Libcoap 2025-12-01 N/A 7.5 HIGH
NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
CVE-2025-65495 1 Libcoap 1 Libcoap 2025-12-01 N/A 7.5 HIGH
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
CVE-2025-65496 1 Libcoap 1 Libcoap 2025-12-01 N/A 4.3 MEDIUM
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65497 1 Libcoap 1 Libcoap 2025-12-01 N/A 4.3 MEDIUM
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65498 1 Libcoap 1 Libcoap 2025-12-01 N/A 4.3 MEDIUM
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65499 1 Libcoap 1 Libcoap 2025-12-01 N/A 4.3 MEDIUM
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
CVE-2025-65500 1 Libcoap 1 Libcoap 2025-12-01 N/A 4.3 MEDIUM
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
CVE-2025-65501 1 Libcoap 1 Libcoap 2025-12-01 N/A 4.3 MEDIUM
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
CVE-2024-31031 2 Fedoraproject, Libcoap 2 Fedora, Libcoap 2025-11-04 N/A 7.5 HIGH
An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow.
CVE-2024-0962 1 Libcoap 1 Libcoap 2024-11-21 7.5 HIGH 6.3 MEDIUM
A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.
CVE-2023-35862 1 Libcoap 1 Libcoap 2024-11-21 N/A 6.5 MEDIUM
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
CVE-2023-30362 1 Libcoap 1 Libcoap 2024-11-21 N/A 7.5 HIGH
Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.