Executive Summary

This vulnerability is a NULL pointer dereference in the libcoap library version 4.3.5, specifically in the OpenSSL-related source file src/coap_openssl.c. The issue occurs because the function BIO_get_data() can return NULL, but the code does not check for this before dereferencing the pointer. This can lead to undefined behavior such as segmentation faults or crashes when handling crafted DTLS/TLS connections. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a denial of service by crashing the application using libcoap when it processes a specially crafted DTLS/TLS connection. This can disrupt services relying on libcoap, potentially causing downtime or loss of availability. [2]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for crashes or segmentation faults in applications using libcoap 4.3.5 with OpenSSL, especially those handling DTLS/TLS connections. Since the issue arises from a NULL pointer dereference in the function coap_dgram_write() and coap_dgram_ctrl() when BIO_get_data() returns NULL, you can check application logs for crash reports or use debugging tools like gdb to trace faults. Additionally, network traffic analysis tools can be used to detect unusual DTLS/TLS connection attempts that may trigger the vulnerability. However, no specific detection commands are provided in the resources. [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating libcoap to a version that includes the security patch addressing this vulnerability, such as the version containing the fix merged in pull request #1750. The patch adds necessary NULL pointer checks for BIO_get_data() and other OpenSSL API calls to prevent denial of service. If updating is not immediately possible, consider restricting or monitoring DTLS/TLS traffic to the affected services to reduce exposure. Applying the patch or upgrading to a fixed release is the recommended action. [1]

Useful 0 Not Useful 0