CVE-2025-65499

EPSS 0.14%
Veröffentlicht 24.11.2025 00:00:00
Zuletzt bearbeitet 01.12.2025 16:29:53
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libcoap ≫ Libcoap Version4.3.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.341

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://github.com/obgm/libcoap/pull/1750

Patch

Issue Tracking

https://github.com/obgm/libcoap/issues/1747

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-65499

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-65499

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-65499

EUVD