obgm libcoap
- < v4.3.5b
An out-of-bounds read vulnerability has been identified in libcoap versions prior to 4.3.5b. The issue is in the OSCORE Appendix B.2 CBOR unwrap handling, where the function get_byte_inc() in 'src/oscore/oscore_cbor.c' relies solely on assert() for bounds checking. That assertion is removed in release builds compiled with NDEBUG, leaving no bounds check at all. Attackers can exploit this by sending crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation. This can trigger out-of-bounds reads during CBOR parsing, potentially leading to heap buffer overflow writes through integer wraparound in allocation size computation.
Exploitation of this vulnerability causes an out-of-bounds read, which can lead to a heap buffer overflow.
Users can upgrade to libcoap version 4.3.5b or later to address this vulnerability.
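The assert-only bounds check described above, shown beside a form that survives NDEBUG builds. This is an added illustration, not libcoap's source or its fix; `cur_t`, `read_byte_assert_only`, `read_byte_checked` and `unwrap_bstr` are hypothetical names and the input bytes are constructed.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cursor over untrusted input; not libcoap's own type. */
typedef struct { const uint8_t *p; size_t left; } cur_t;

/* Assert-only pattern: under -DNDEBUG the check compiles away. Contrast only. */
uint8_t read_byte_assert_only(cur_t *c) {
    assert(c->left > 0);
    c->left--;
    return *c->p++;
}

/* Hardened form: the bounds check is ordinary control flow in every build. */
int read_byte_checked(cur_t *c, uint8_t *out) {
    if (c->left == 0) return -1;
    c->left--;
    *out = *c->p++;
    return 0;
}

/* Copy one definite-length CBOR byte string (major type 2); NULL if malformed. */
uint8_t *unwrap_bstr(const uint8_t *buf, size_t buf_len, size_t *out_len) {
    cur_t c = { buf, buf_len };
    uint8_t b;
    if (read_byte_checked(&c, &b) != 0 || (b >> 5) != 2 || (b & 0x1f) > 27) return NULL;
    uint64_t len = b & 0x1f;
    if (len >= 24) {
        unsigned n = 1u << (len - 24);   /* 1, 2, 4 or 8 length bytes follow */
        for (len = 0; n > 0; n--) {
            if (read_byte_checked(&c, &b) != 0) return NULL;
            len = (len << 8) | b;
        }
    }
    /* Bound the declared length by the bytes left before any size arithmetic. */
    if (len > c.left) return NULL;
    uint8_t *copy = malloc((size_t)len + 1);   /* +1 avoids malloc(0); cannot wrap */
    if (copy == NULL) return NULL;
    memcpy(copy, c.p, (size_t)len);
    *out_len = (size_t)len;
    return copy;
}

int main(void) {
    const uint8_t t[] = { 0x58, 0x20, 0xAA };   /* constructed: claims 32 bytes, has 1 */
    return unwrap_bstr(t, sizeof t, &(size_t){0}) == NULL ? 0 : 1;   /* 0 = rejected */
}
```

Building release configurations with a fuzzer or AddressSanitizer is a practical way to find parsers whose only bounds checks are assertions.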