CVE-2024-0962

Name
CVE-2024-0962
Description
A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
issue-tracking https://github.com/obgm/libcoap/issues/1310
exploit https://github.com/obgm/libcoap/issues/1310#issue-2099860835
issue-tracking https://github.com/obgm/libcoap/pull/1311
signature https://vuldb.com/?ctiid.252206
vdb-entry https://vuldb.com/?id.252206

Match rules

CPE URI Source package Min version Max version
libcoap == 4.3.4 == 4.3.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libcoap 3.19-community 4.3.4-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable