Debian Patches
Status for libcoap3/4.3.4-1.1+deb13u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2024-0962.patch | commit 2b28d8b0e9607e71a145345b4fe49517e052b7d9 coap_oscore.c: Fix parsing OSCORE configuration information =================================================================== |
Jon Shallow <supjps-libcoap@jpshallow.com> | no | 2024-01-25 | ||
| CVE-2024-31031.patch | commit 214665ac4b44b1b6a7e38d4d6907ee835a174928 coap_pdu.c: Fix UndefinedBehaviorSanitizer: undefined-behavior This fixes a reported error in coap_update_token() where a size_t calculation is overflowed (but all ends up with the correct value). Instead of adding an overflowed size_t, now subtract the reversed size_t calculation as appropriate. coap_update_option() and coap_insert_option() similarly updated. =================================================================== |
Jon Shallow <supjps-libcoap@jpshallow.com> | no | 2024-03-25 | ||
| CVE-2025-59391.patch | OSCORE: Fix OSCORE configuration file parsing issue With a large boolean parameter value, (longer than "false"), memory would be read past the "true" or "false" string boundaries in the ".rodata" section when doing a memcmp(), potetially causing the application to crash when calling coap_new_oscore_conf() with a specially crafted configuration file. It also can provide a mechanism to determine the byte values following the "true" or "false" string boundaries which could lead to accessing sensitive information. The standard libcoap library does not have defined keys or certificates. This can only be done by a specially crafted local application. Discovered by SecMate (https://secmate.dev). Now fixed. |
Jon Shallow <supjps-libcoap@jpshallow.com> | no | 2025-09-04 | ||
| CVE-2025-65501+65500+65499+65498+65497+65496+65495+65494+65493.patch | coap_openssl.c: Check return values in case internal OpenSSL issue | Jon Shallow <supjps-libcoap@jpshallow.com> | no | 2025-09-19 | ||
| CVE-2025-34468.patch | coap_address.c: Validate length of provided host name Host names larger than 255 bytes will cause an internal buffer overflow. Hostnames provided to coap_resolve_address_info() now have their length validated. Discovered by SecMate (https://secmate.dev). Sanity check host lengths when parsing a CoAP URI when using the coap_split_uri() function. |
Jon Shallow <supjps-libcoap@jpshallow.com> | no | 2025-09-12 | ||
| CVE-2026-29013.patch | sanitizer: Fix reported issues coap_new_cache_entry() does not correctly check for no PDU data when called with COAP_CACHE_RECORD_PDU. No current libcoap code (examples and library) call coap_new_cache_entry() with COAP_CACHE_RECORD_PDU set. Internal function coap_pdu_resize() can be used to reduce a PDU size, creating current options confusion. Fix is not to reduce PDU if new size is smaller than the current used size. No current libcoap code calls coap_pdu_resize() to reduce the size. If there is an issue with the PDU options where the maximum used option value is larger than the last defined option value, an assert() is triggered. All of the coap_*_option() functions correctly manage pdu->max_opt, but this issue could occur if coap_pdu_resize() was called to reduce the PDU size below that of pdu->used_size. |
Jon Shallow <supjps-libcoap@jpshallow.com> | no | 2026-03-24 |
All known versions for source package 'libcoap3'
- 4.3.5-4 (sid)
- 4.3.5-3 (forky)
- 4.3.4-1.1+deb13u3 (trixie)
- 4.3.1-1 (bookworm)