Skip to main content

Libcoap

16 CVEs product

Monthly

CVE-2026-29013 HIGH PATCH This Week

Out-of-bounds read in libcoap's OSCORE CBOR parsing can escalate to heap buffer overflow, enabling remote unauthenticated attackers to trigger memory corruption via malformed CoAP packets. Affects libcoap versions prior to v4.3.5b. The vulnerability stems from release builds removing assert() bounds checks in get_byte_inc(), allowing integer wraparound during allocation size computation. No public exploit identified at time of analysis, but proof-of-concept is straightforward given the specific code path and commit fix available.

Information Disclosure Buffer Overflow Libcoap
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-34468 HIGH PATCH This Week

Availability loss and potential remote code execution in libcoap (versions up to and including 4.3.5, before commit 30db3ea) arises when attacker-controlled hostname data from a proxied CoAP URI is copied into a fixed 256-byte stack buffer during address resolution without bounds checking. A remote unauthenticated attacker can reliably crash any application that enables libcoap's proxy request handling, and may achieve code execution depending on the target's compiler hardening and runtime memory protections. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the official CVSS 4.0 base score is 8.2, but that score reflects availability impact only (VA:H, VC:N/VI:N).

Buffer Overflow Stack Overflow RCE Libcoap
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.6%
CVE-2025-59391 MEDIUM PATCH This Month

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.

Buffer Overflow Information Disclosure Denial Of Service Libcoap Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-65501 MEDIUM PATCH Monitor

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65500 MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65499 MEDIUM PATCH Monitor

Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65498 MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65497 MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65496 MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-65495 HIGH PATCH This Month

Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-65494 HIGH PATCH This Month

NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-65493 HIGH PATCH This Month

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-31031 HIGH POC This Week

An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libcoap Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-0962 HIGH POC PATCH This Week

A vulnerability was found in obgm libcoap 4.3.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcoap
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-30362 HIGH POC PATCH This Week

Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcoap
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-35862 MEDIUM POC PATCH This Month

libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcoap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Out-of-bounds read in libcoap's OSCORE CBOR parsing can escalate to heap buffer overflow, enabling remote unauthenticated attackers to trigger memory corruption via malformed CoAP packets. Affects libcoap versions prior to v4.3.5b. The vulnerability stems from release builds removing assert() bounds checks in get_byte_inc(), allowing integer wraparound during allocation size computation. No public exploit identified at time of analysis, but proof-of-concept is straightforward given the specific code path and commit fix available.

Information Disclosure Buffer Overflow Libcoap
NVD GitHub VulDB
EPSS 1% CVSS 8.2
HIGH PATCH This Week

Availability loss and potential remote code execution in libcoap (versions up to and including 4.3.5, before commit 30db3ea) arises when attacker-controlled hostname data from a proxied CoAP URI is copied into a fixed 256-byte stack buffer during address resolution without bounds checking. A remote unauthenticated attacker can reliably crash any application that enables libcoap's proxy request handling, and may achieve code execution depending on the target's compiler hardening and runtime memory protections. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the official CVSS 4.0 base score is 8.2, but that score reflects availability impact only (VA:H, VC:N/VI:N).

Buffer Overflow Stack Overflow RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.

Buffer Overflow Information Disclosure Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libcoap Suse
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libcoap Suse
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Libcoap +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libcoap +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

A vulnerability was found in obgm libcoap 4.3.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcoap
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcoap
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcoap
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy