CVE-2024-46304

Опубликовано: 09 окт. 2024

Источник: debian

Описание

A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libcoap3	fixed	4.3.5-1		package
libcoap3	ignored		trixie	package
libcoap3	ignored		bookworm	package
libcoap2	removed			package
libcoap2	postponed		bullseye	package
libcoap	removed			package

Примечания

https://github.com/obgm/libcoap/issues/1509
Fixed in 4.3.5 (but exact fixing commits unknown)

Связанные уязвимости

CVE-2024-46304

CVSS3: 7.5

ubuntu

больше 1 года назад

A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.

CVE-2024-46304

CVSS3: 7.5

nvd

больше 1 года назад

A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.

GHSA-335x-3rg7-689m

CVSS3: 7.5

github

больше 1 года назад

A Buffer Overflow vulnerability in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.