← volver
CVE-2025-34468

libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE

CVSS 8.2 HIGHEPSS 0.6%CWE-121
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.2EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
31 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Productos afectados
libcoap · libcoap