EUVD-2025-201786
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
4Description
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.
Analysis
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.
Technical Context
An out-of-bounds memory access occurs when code reads from or writes to memory locations outside the intended buffer boundaries. This vulnerability is classified as Out-of-bounds Read (CWE-125).
Affected Products
Affected products: Libcoap Libcoap
Remediation
A vendor patch is available — apply it immediately. Implement proper bounds checking on all array and buffer accesses. Use memory-safe languages or static analysis tools to detect OOB issues.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today