Unbounded Memory Allocation Vulnerability in Eclipse Wakaama
CVE-2026-58465
8.7HIGH
What is CVE-2026-58465?
Eclipse Wakaama prior to snapshot/2026-05-26 is susceptible to an unbounded memory allocation vulnerability in its CoAP Block1 handler. This flaw can be exploited by unauthenticated remote attackers, allowing them to send a series of Block1 PUT requests with increasing block numbers targeting the registration endpoint over UDP. Due to a lack of maximum size enforcement for the reallocating buffer, this may lead to continuous memory allocation, ultimately causing the server to experience denial of service through memory exhaustion.
Affected Version(s)
wakaama 0
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc.
VulnCheck
