CVE-2025-59391

Medium CVSS: 6.5

A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.

Vendor

Libcoap

Product

Libcoap

CWE

CWE-125

Yayın Tarihi

2025-12-08 17:16:20

Güncelleme

2025-12-12 12:34:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-125 Libcoap MEDIUM Libcoap 2025

Referanslar

https://github.com/obgm/libcoap/pull/1730 https://github.com/obgm/libcoap/releases/tag/v4.3.5a

Benzer Kayıtlar

High

CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address re…

High

CVE-2025-65495

Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers t…

Medium

CVE-2025-65496

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attack…

Medium

CVE-2025-65497

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attack…

Medium

CVE-2025-65498

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attack…

Medium

CVE-2025-65499

Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause…