CVE 8.8 HIGH

libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling_CVE-2026-29013

April 17, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/

Description

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation.

AI Analysis

Out-of-bounds read vulnerability in libcoap's OSCORE CBOR unwrap handling

Basic Information

ID CVE-2026-29013

Source VulnCheck

Published Apr 17, 2026 at 21:11

Affected Product

Vendor libcoap

Product libcoap

Affected Versions libcoap libcoap 0

CWE Classification

CWE-125

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor libcoap

Product libcoap

References

{
    "lastseen": "",
    "description": "libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation.",
    "published": "2026-04-17T21:11:38.137Z",
    "modified": "2026-04-17T21:11:38.137Z",
    "type": "cve",
    "title": "libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling",
    "source": "VulnCheck",
    "references": "https://github.com/obgm/libcoap/commit/b7847c4dbb0dbee7c90b09a673d4cae256f03718\nhttps://www.vulncheck.com/advisories/libcoap-out-of-bounds-read-in-oscore-cbor-unwrap-handling",
    "id": "CVE-2026-29013",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "libcoap libcoap 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "libcoap",
    "version": "0",
    "vendor": "libcoap",
    "ai_description": "Out-of-bounds read vulnerability in libcoap's OSCORE CBOR unwrap handling",
    "ai_severity": "High",
    "ai_vendor": "libcoap",
    "ai_product": "libcoap",
    "ai_version": "0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply