Debian Patches
Status for libcoap3/4.3.5-2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| spelling.patch | spelling issues detected by lintian | | no | | | |
| CVE-2025-59391.patch | [PATCH] OSCORE: Fix OSCORE configuration file parsing issue With a large boolean parameter value, (longer than "false"), memory would be read past the "true" or "false" string boundaries in the ".rodata" section when doing a memcmp(), potentially causing the application to crash when calling coap_new_oscore_conf() with a specially crafted configuration file. It also can provide a mechanism to determine the byte values following the "true" or "false" string boundaries which could lead to accessing sensitive information. The standard libcoap library does not have defined keys or certificates. This can only be done by a specially crafted local application. Discovered by SecMate (https://secmate.dev). Now fixed. | Jon Shallow <supjps-libcoap@jpshallow.com> | no | | | 2025-09-04 |
| CVE-2025-65501+65500+65499+65498+65497+65496+65495+65494+65493.patch | [PATCH] coap_openssl.c: Check return values in case internal OpenSSL issue | Jon Shallow <supjps-libcoap@jpshallow.com> | no | | | 2025-09-19 |
All known versions for source package 'libcoap3'
- 4.3.5-2 (sid)
- 4.3.5-1 (forky)
- 4.3.4-1.1+deb13u1 (trixie)
- 4.3.1-1 (bookworm)
