CVE-2025-34468
CRITICAL 9.8
Description
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/31/2025
Last modified: 1/14/2026
Source: nvd
Honeypot sightings: 0
Affected products
libcoap:libcoap
Weaknesses (CWE)
CWE-121, CWE-787
References
https://github.com/obgm/libcoap/commit/30db3ea (disclosure@vulncheck.com)
https://github.com/obgm/libcoap/pull/1737 (disclosure@vulncheck.com)
https://libcoap.net/ (disclosure@vulncheck.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.