Buffer Overflow Vulnerability in libcoap Library by OBGM
CVE-2023-30362

7.5HIGH

Key Information:

Vendor: Libcoap
Status: Libcoap
Vendor: CVE Published:; 23 June 2023

What is CVE-2023-30362?

The libcoap library, used widely for constrained applications, contains a buffer overflow vulnerability in the coap_send function. This issue arises when the function is fed malformed Protocol Data Units (PDUs), potentially leading to unintended access to sensitive information. The flaw has been addressed in version 4.3.1-120-ge242200, and users are encouraged to update to this version to safeguard their applications against possible exploitation.

References

https://github.com/obgm/libcoap/issues/1063

https://github.com/obgm/libcoap/pull/1065

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Apr 7, 2023

CVE-2023-30362 Data

JSON

Libcoap

What is CVE-2023-30362?

References

CVSS V3.1

Timeline