Buffer Over-read Vulnerability in libcoap by OBGM
CVE-2023-35862

6.5 MEDIUM

Key Information:

Vendor: Libcoap

Status
Vendor
CVE Published: 19 June 2023

What is CVE-2023-35862?

libcoap version 4.3.1 is susceptible to a buffer over-read. The issue is in the function coap_parse_oscore_conf_mem in coap_oscore.c. A buffer over-read can potentially lead to information leakage, exposing sensitive data in an attacker-controlled environment. Developers using this library should promptly assess their implementations to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
