HIGH🇬🇧 English

CVE-2025-65495

CVSS 7.5v3.1pub. 2025-11-24upd. 2025-12-01

Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Libcoap

    APP
    Libcoap
    4.3.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-29013HIGH8.8ten sam produkt

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte...

CVE-2025-34468HIGH8.2ten sam produkt

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in ...

CVE-2025-65493HIGH7.5ten sam produkt

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial...

CVE-2025-65494HIGH7.5ten sam produkt

NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remot...

CVE-2024-31031HIGH7.5ten sam produkt

An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messa...