8.7
CVE-2026-58465
- EPSS 0.56%
- Veröffentlicht 02.07.2026 17:55:12
- Zuletzt bearbeitet 06.07.2026 18:52:45
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Eclipse Wakaama CoAP Block1 Handler Unbounded Memory Allocation DoS
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers. Attackers can target the registration endpoint over UDP without authentication, causing the server to repeatedly reallocate a growing accumulation buffer by appending each block payload without enforcing any maximum total size limit, resulting in denial of service through memory exhaustion.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellereclipse-wakaama
≫
Produkt
wakaama
Default Statusaffected
Version
0
Version <
snapshot/2026-05-26
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.422 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| disclosure@vulncheck.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://github.com/eclipse-wakaama/wakaama/releases/tag/snapshots%2F2026-05-26
https://github.com/eclipse-wakaama/wakaama/pull/881
https://github.com/eclipse-wakaama/wakaama/commit/a83f1ca28fa090fbc03c3669fef40daf4f89cd03
https://www.vulncheck.com/advisories/eclipse-wakaama-coap-block1-handler-unbounded-memory-allocation-dos