CVE-2025-65495
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-24

Last updated on: 2025-12-01

Assigner: MITRE

Description
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-24
Last Modified
2025-12-01
Generated
2026-06-16
AI Q&A
2025-11-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65495
EUVD
EUVD-2025-198714
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libcoap libcoap 4.3.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-195 The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an integer signedness error in the tls_verify_call_back() function of libcoap version 4.3.5. Specifically, the OpenSSL function i2d_X509() can return -1 on failure, but libcoap does not check for this error and instead uses the negative return value as a size parameter for malloc(). This misuse causes an invalid and excessively large memory allocation request, leading to a denial of service. [2]

Impact Analysis

The vulnerability can cause a denial of service by triggering a critical memory allocation failure. When a crafted TLS certificate causes i2d_X509() to return -1, libcoap attempts to allocate an invalidly large amount of memory, which can crash or destabilize the application using libcoap, potentially disrupting services relying on it. [2]

Detection Guidance

This vulnerability can be detected by monitoring for memory allocation failures or crashes related to the tls_verify_call_back() function in libcoap 4.3.5 when processing TLS certificates. Using AddressSanitizer or similar memory error detection tools can help identify the invalid large memory allocation caused by i2d_X509() returning -1. Additionally, reviewing logs for errors during TLS certificate verification in libcoap may indicate the issue. Specific commands include running the libcoap application with AddressSanitizer enabled to catch allocation errors, or using debugging tools to trace calls to i2d_X509() and subsequent malloc() calls in tls_verify_call_back(). [2]

Mitigation Strategies

Immediate mitigation steps include updating libcoap to a version that includes the patch fixing this issue, such as the one referenced in pull request #1750, which adds proper return value checks for i2d_X509() and other OpenSSL functions to prevent misuse of error return values. If updating is not immediately possible, applying the patch from pull request #1750 manually or disabling TLS certificate verification in libcoap temporarily (if feasible) can reduce risk. Monitoring and restricting access to services using vulnerable libcoap versions can also help mitigate exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65495. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart