CVE-2025-65494
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-12-01
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libcoap | libcoap | 4.3.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in the libcoap library, specifically in the function get_san_or_cn_from_cert() in src/coap_openssl.c. It occurs because the code does not check if the OpenSSL function sk_GENERAL_NAME_value() returns NULL. When a crafted X.509 certificate causes sk_GENERAL_NAME_value() to return NULL, libcoap attempts to access a member of this null pointer, leading to a segmentation fault and crashing the application during TLS certificate verification. [1]
How can this vulnerability impact me?
This vulnerability can cause a denial of service by crashing the libcoap application during TLS handshake processing. An attacker can exploit this by sending a specially crafted X.509 certificate that triggers the null pointer dereference, causing the application to crash and become unavailable. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for application crashes or segmentation faults in libcoap during TLS handshake processing, especially when handling X.509 certificates. AddressSanitizer logs or similar runtime error detection tools can reveal null pointer dereference errors in src/coap_openssl.c at the function get_san_or_cn_from_cert(). Specific commands are not provided in the resources, but using debugging tools like gdb to trace segmentation faults or running libcoap with AddressSanitizer enabled to catch null pointer dereferences during certificate validation could help detect the issue. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating libcoap to a version that includes the patch from pull request #1750, which adds proper return value checks for sk_GENERAL_NAME_value() and other OpenSSL functions to prevent null pointer dereferences. If updating is not immediately possible, monitoring and restricting the acceptance of untrusted or crafted X.509 certificates that could trigger this vulnerability may reduce risk. Applying the security update merged on September 22, 2025, is the recommended action to fix the issue. [2]
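The pattern behind the bug and behind the fix, as an added example that is not libcoap's or OpenSSL's code: the types and sk_GENERAL_NAME_num()/sk_GENERAL_NAME_value() below are constructed stand-ins that mimic the OpenSSL API shape (a NULL return for a missing entry), and san_matches_unchecked, san_matches_checked and demo_checked are hypothetical names for the SAN-scanning loop in its unchecked and checked forms.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for OpenSSL's GENERAL_NAME and STACK_OF(GENERAL_NAME); not the real definitions. */
#define GEN_DNS 2
typedef struct { int type; const char *dNSName; } GENERAL_NAME;
typedef struct { int num; GENERAL_NAME **data; } GENERAL_NAMES;

/* Modelled sk_*_num()/sk_*_value(): a NULL stack, an out-of-range index or an
 * empty slot all yield NULL, which the caller is responsible for checking. */
static int sk_GENERAL_NAME_num(const GENERAL_NAMES *sk) { return sk ? sk->num : -1; }
static GENERAL_NAME *sk_GENERAL_NAME_value(const GENERAL_NAMES *sk, int i) {
    return (sk && i >= 0 && i < sk->num) ? sk->data[i] : NULL;
}

/* Vulnerable pattern (CWE-476): the pointer from sk_GENERAL_NAME_value() is
 * dereferenced unchecked, so a NULL slot crashes the TLS verifier. */
int san_matches_unchecked(const GENERAL_NAMES *sans, const char *host) {
    for (int i = 0; i < sk_GENERAL_NAME_num(sans); i++) {
        GENERAL_NAME *gn = sk_GENERAL_NAME_value(sans, i);
        if (gn->type == GEN_DNS && strcmp(gn->dNSName, host) == 0) return 1;
    }
    return 0;
}

/* Hardened pattern: every pointer the API hands back is checked before use,
 * so an entry that could not be materialised is skipped, not dereferenced. */
int san_matches_checked(const GENERAL_NAMES *sans, const char *host) {
    int n = sk_GENERAL_NAME_num(sans);
    for (int i = 0; i < n; i++) {
        GENERAL_NAME *gn = sk_GENERAL_NAME_value(sans, i);
        if (gn == NULL || gn->type != GEN_DNS || gn->dNSName == NULL) continue;
        if (strcmp(gn->dNSName, host) == 0) return 1;
    }
    return 0;
}

/* Constructed input: a SAN list whose middle slot is NULL, standing in for a
 * certificate entry the parser handed back as NULL. */
int demo_checked(const char *host) {
    GENERAL_NAME a = { GEN_DNS, "coap.example.org" };
    GENERAL_NAME b = { GEN_DNS, "alt.example.org" };
    GENERAL_NAME *slots[] = { &a, NULL, &b };
    GENERAL_NAMES sans = { 3, slots };
    return san_matches_checked(&sans, host); /* the unchecked variant would segfault on slot 1 */
}

int main(void) {
    printf("alt.example.org matches: %d\n", demo_checked("alt.example.org"));
    printf("other.example.org matches: %d\n", demo_checked("other.example.org"));
    return 0;
}
```

Running the checked loop over the list with the empty slot returns a match result normally; the same list makes the unchecked loop dereference NULL, which is the crash the record describes.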