CVE-2025-65495
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-12-01
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libcoap | libcoap | 4.3.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-195 | The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer signedness error (CWE-195) in the tls_verify_call_back() function of libcoap 4.3.5, in builds that use OpenSSL for (D)TLS. OpenSSL's i2d_X509() returns the length of a certificate's DER encoding as a signed int, or -1 on failure. libcoap 4.3.5 does not check for the negative return and passes it straight to malloc(), whose size parameter is an unsigned size_t; the implicit conversion turns -1 into SIZE_MAX, so the callback requests an impossibly large allocation that fails, and certificate processing ends in a denial of service. [2]
How can this vulnerability impact me?
The vulnerability causes a denial of service through a failed memory allocation. When a crafted certificate presented by the remote peer during the (D)TLS handshake makes i2d_X509() return -1, libcoap attempts an invalidly large allocation, which can crash or destabilize the application using libcoap and disrupt the services that rely on it. Any endpoint that accepts certificate-authenticated (D)TLS connections from untrusted peers on a vulnerable OpenSSL build of libcoap is exposed. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The reliable check is an inventory of the libcoap version in use: locate the shared library on each host (for example, `ldconfig -p | grep libcoap`) and, where the library was installed with its pkg-config file, query the version with `pkg-config --modversion libcoap-3-openssl` (the module name depends on the TLS backend the library was built with); any 4.3.5 build against OpenSSL is affected. Statically linked applications need to be checked through their build manifests or SBOM. At runtime, the bug shows up as crashes or allocation failures during TLS certificate verification in tls_verify_call_back(), so reviewing application logs for errors at that stage can reveal that it is being triggered, but this is evidence of exploitation rather than detection of exposure. During testing, building the application with AddressSanitizer (for example, `CFLAGS=-fsanitize=address`) reports the oversized allocation request, and tracing calls to i2d_X509() and the following malloc() in tls_verify_call_back() with a debugger confirms the unchecked negative return value. [2]
What immediate steps should I take to mitigate this vulnerability?
Update libcoap to a release that contains the fix from pull request #1750, which adds return value checks for i2d_X509() and other OpenSSL functions so that an error return is never used as a size. If updating is not immediately possible, apply the patch from pull request #1750 to the vulnerable source and rebuild. Disabling TLS certificate verification is not a recommended workaround: it removes peer authentication and exposes the service to impersonation and man-in-the-middle attacks, which is a worse position than the denial of service it is meant to avoid. Until patched, restrict which peers can reach (D)TLS endpoints that use the vulnerable library, and monitor those endpoints for crashes during certificate verification. [1]
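The unchecked pattern described in the explanation above and the return-value check that the fix adds, as an added example in C written for this page; it is not libcoap or OpenSSL code. fake_x509 and fake_i2d_X509() are stand-ins that mimic the contract of i2d_X509() (DER length on success, -1 on failure, and when given a buffer it writes the encoding and advances the pointer), recording_malloc() records the size that reaches the allocator, and sample_der is a constructed byte string, not a real certificate.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for an X509 object. Constructed for this example. */
typedef struct {
    const unsigned char *der;
    int der_len;
    int encode_fails;   /* 1: behave like a certificate i2d_X509() cannot encode */
} fake_x509;

/* Constructed sample bytes; not a real DER certificate. */
static const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };

/* Mimics i2d_X509(): returns the DER length, or -1 on failure. When out and
 * *out are non-NULL it writes the encoding and advances *out. */
static int fake_i2d_X509(const fake_x509 *cert, unsigned char **out) {
    if (cert->encode_fails)
        return -1;
    if (out && *out) {
        memcpy(*out, cert->der, (size_t)cert->der_len);
        *out += cert->der_len;
    }
    return cert->der_len;
}

/* Recording allocator so a caller can observe the size that reaches malloc(). */
static size_t last_alloc_request;
static int alloc_calls;

static void *recording_malloc(size_t n) {
    last_alloc_request = n;
    alloc_calls++;
    if (n > ((size_t)1 << 30))   /* malloc(SIZE_MAX) fails on any real system */
        return NULL;
    return malloc(n);
}

/* Vulnerable shape (CWE-195): the int from i2d_X509() flows into a size_t
 * parameter unchecked, so -1 becomes SIZE_MAX and the allocation fails.
 * Returns the DER length on success, 0 on failure; *buf receives the encoding. */
static int copy_der_unchecked(const fake_x509 *cert, unsigned char **buf) {
    int length = fake_i2d_X509(cert, NULL);
    unsigned char *out = recording_malloc((size_t)length);   /* implicit int -> size_t */
    if (out == NULL) {
        *buf = NULL;
        return 0;   /* the failed allocation is where the advisory's DoS begins */
    }
    unsigned char *p = out;
    fake_i2d_X509(cert, &p);
    *buf = out;
    return length;
}

/* Hardened shape: reject the signed error value before it is used as a size.
 * Returns the DER length on success, -1 on any failure. */
static int copy_der_checked(const fake_x509 *cert, unsigned char **buf) {
    *buf = NULL;
    int length = fake_i2d_X509(cert, NULL);
    if (length <= 0)
        return -1;   /* encoding failed: no allocation is attempted */
    unsigned char *out = recording_malloc((size_t)length);
    if (out == NULL)
        return -1;
    unsigned char *p = out;
    if (fake_i2d_X509(cert, &p) != length) {   /* second call must agree with the first */
        free(out);
        return -1;
    }
    *buf = out;
    return length;
}

int main(void) {
    fake_x509 bad = { sample_der, (int)sizeof sample_der, 1 };
    unsigned char *buf = NULL;
    copy_der_unchecked(&bad, &buf);
    printf("unchecked path requested %zu bytes (SIZE_MAX is %zu)\n",
           last_alloc_request, (size_t)SIZE_MAX);
    alloc_calls = 0;
    printf("checked path returned %d with %d allocation calls\n",
           copy_der_checked(&bad, &buf), alloc_calls);
    return 0;
}
```

The checked variant is the shape of the fix: the signed result is tested before any conversion to size_t, and the second i2d_X509() call is compared against the first so a mismatch cannot overrun the buffer.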