CVE-2025-65501

Опубликовано: 24 нояб. 2025

Источник: debian

Описание

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libcoap3	fixed	4.3.5-2		package
libcoap3	fixed	4.3.4-1.1+deb13u2	trixie	package
libcoap3	no-dsa		bookworm	package
libcoap2	removed			package
libcoap2	postponed		bullseye	package

Примечания

https://github.com/obgm/libcoap/issues/1748
https://github.com/obgm/libcoap/pull/1750

Связанные уязвимости

CVE-2025-65501

CVSS3: 4.3

ubuntu

3 месяца назад

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.

CVE-2025-65501

CVSS3: 4.3

nvd

3 месяца назад

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.

GHSA-cx3h-f553-x7gw

CVSS3: 4.3

github

3 месяца назад

Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.