CVE-2025-34468

Name
CVE-2025-34468
Description
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
patch https://github.com/obgm/libcoap/commit/30db3ea
issue-tracking https://github.com/obgm/libcoap/pull/1737
product https://libcoap.net/
third-party-advisory https://www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce

Match rules

CPE URI Source package Min version Max version
libcoap >= 0 <= 4.3.5
libcoap == commit 30db3ea == None
cpe:2.3:a:libcoap:libcoap:*:*:*:*:*:*:*:* libcoap >= None <= 4.3.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libcoap edge-community 4.3.5a-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
libcoap edge-community 4.3.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
libcoap 3.23-community 4.3.5-r0 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable