CVE-2025-65494
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-24

Last updated on: 2025-12-01

Assigner: MITRE

Description
NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-24
Last Modified
2025-12-01
Generated
2026-06-16
AI Q&A
2025-11-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65494
EUVD
EUVD-2025-198715
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libcoap libcoap 4.3.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a null pointer dereference in the libcoap library, specifically in the function get_san_or_cn_from_cert() in src/coap_openssl.c. It occurs because the code does not check if the OpenSSL function sk_GENERAL_NAME_value() returns NULL. When a crafted X.509 certificate causes sk_GENERAL_NAME_value() to return NULL, libcoap attempts to access a member of this null pointer, leading to a segmentation fault and crashing the application during TLS certificate verification. [1]

Impact Analysis

This vulnerability can cause a denial of service by crashing the libcoap application during TLS handshake processing. An attacker can exploit this by sending a specially crafted X.509 certificate that triggers the null pointer dereference, causing the application to crash and become unavailable. [1]

Detection Guidance

This vulnerability can be detected by monitoring for application crashes or segmentation faults in libcoap during TLS handshake processing, especially when handling X.509 certificates. AddressSanitizer logs or similar runtime error detection tools can reveal null pointer dereference errors in src/coap_openssl.c at the function get_san_or_cn_from_cert(). Specific commands are not provided in the resources, but using debugging tools like gdb to trace segmentation faults or running libcoap with AddressSanitizer enabled to catch null pointer dereferences during certificate validation could help detect the issue. [1]

Mitigation Strategies

Immediate mitigation steps include updating libcoap to a version that includes the patch from pull request #1750, which adds proper return value checks for sk_GENERAL_NAME_value() and other OpenSSL functions to prevent null pointer dereferences. If updating is not immediately possible, monitoring and restricting the acceptance of untrusted or crafted X.509 certificates that could trigger this vulnerability may reduce risk. Applying the security update merged on September 22, 2025, is the recommended action to fix the issue. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65494. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart