Skip to main content

Libcoap EUVDEUVD-2025-201786

| CVE-2025-59391 MEDIUM
Out-of-bounds Read (CWE-125)
2025-12-08 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 15, 2026 - 17:54 euvd
EUVD-2025-201786
Analysis Generated
Mar 15, 2026 - 17:54 vuln.today
Patch released
Mar 15, 2026 - 17:54 nvd
Patch available
CVE Published
Dec 08, 2025 - 17:16 nvd
MEDIUM 6.5

DescriptionCVE.org

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.

Analysis

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.

Technical ContextAI

An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).

RemediationAI

A vendor patch is available — apply it immediately. Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.

CVE-2024-0962 HIGH POC
7.8 Jan 27

A vulnerability was found in obgm libcoap 4.3.4. Rated high severity (CVSS 7.8), this vulnerability is low attack comple

CVE-2024-31031 HIGH POC
7.5 Apr 17

An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leadin

CVE-2023-30362 HIGH POC
7.5 Jun 23

Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 al

CVE-2023-35862 MEDIUM POC
6.5 Jun 19

libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. Rated medium sev

CVE-2026-29013 HIGH
8.8 Apr 17

Out-of-bounds read in libcoap's OSCORE CBOR parsing can escalate to heap buffer overflow, enabling remote unauthenticate

CVE-2025-34468 HIGH
8.2 Dec 31

Availability loss and potential remote code execution in libcoap (versions up to and including 4.3.5, before commit 30db

CVE-2025-65501 MEDIUM
4.3 Nov 24

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of

CVE-2025-65500 MEDIUM
4.3 Nov 24

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attack

CVE-2025-65499 MEDIUM
4.3 Nov 24

Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause

CVE-2025-65498 MEDIUM
4.3 Nov 24

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attack

CVE-2025-65497 MEDIUM
4.3 Nov 24

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attack

CVE-2025-65496 MEDIUM
4.3 Nov 24

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attack

Vendor StatusVendor

SUSE

Severity: Medium

Share

EUVD-2025-201786 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy