7.8

CVE-2024-0962

Exploit

obgm libcoap Configuration File coap_oscore.c get_split_entry stack-based overflow

A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibcoapLibcoap Version4.3.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.501
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 6.3 2.8 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
cna@vuldb.com 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://github.com/obgm/libcoap/issues/1310
Patch
Exploit
https://github.com/obgm/libcoap/issues/1310#issue-2099860835
Exploit
Issue Tracking
https://github.com/obgm/libcoap/pull/1311
Patch
Issue Tracking
https://vuldb.com/?ctiid.252206
Permissions Required
https://vuldb.com/?id.252206
Third Party Advisory