CVE-2025-34468

EUVD-2025-206064
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
libcoaplibcoap
𝑥
≤ 4.3.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libcoap3
bookworm
no-dsa
forky
vulnerable
sid
vulnerable
trixie
no-dsa
Common Weakness Enumeration
References
https://github.com/obgm/libcoap/commit/30db3ea
https://github.com/obgm/libcoap/pull/1737
https://libcoap.net/
https://www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce