libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential...

8.2 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).

Basic Information

ID CVE-2025-34468

Source VulnCheck

Published Dec 31, 2025 at 18:39

Affected Product

Vendor libcoap

Product libcoap

Affected Versions libcoap libcoap 0

CWE Classification

CWE-121

References

{
    "lastseen": "",
    "description": "libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).",
    "published": "2025-12-31T18:39:07.530Z",
    "modified": "2025-12-31T18:39:07.530Z",
    "type": "cve",
    "title": "libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE",
    "source": "VulnCheck",
    "references": "https://github.com/obgm/libcoap/pull/1737\nhttps://github.com/obgm/libcoap/commit/30db3ea\nhttps://libcoap.net/\nhttps://www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce",
    "id": "CVE-2025-34468",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121"
    ],
    "cvelist": null,
    "sourceData": "libcoap libcoap 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "libcoap",
    "version": "0",
    "vendor": "libcoap",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE_CVE-2025-34468