CVE-2025-65497
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-12-01
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libcoap | libcoap | 4.3.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the function coap_dtls_generate_cookie() within the libcoap library (version 4.3.5). It occurs because the function SSL_get_SSL_CTX() can return NULL during a crafted DTLS handshake, and libcoap does not properly check for this NULL return value. This leads to a dereference of a NULL pointer, causing the application to crash (denial of service).
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for crashes or denial of service symptoms during DTLS handshakes in libcoap 4.3.5. Since the issue is a NULL pointer dereference triggered by crafted DTLS handshakes, you can detect it by capturing DTLS handshake traffic and observing application logs for segmentation faults or crashes in the coap_openssl.c module. Using tools like tcpdump or Wireshark to capture DTLS handshake packets and analyzing them for unusual or malformed handshake messages may help. Additionally, running the libcoap server or client under a debugger or with AddressSanitizer enabled can reveal NULL pointer dereference crashes. Specific commands might include:

1. `tcpdump -i <interface> udp port <coap_dtls_port> -w dtls_handshake.pcap`
2. `gdb --args ./libcoap_server` (to catch crashes)
3. Checking system logs (e.g., `dmesg`) for segmentation fault messages related to libcoap.

However, no explicit detection commands are provided in the resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating libcoap to a version that includes the security fixes addressing this vulnerability. The fix involves adding proper return value checks for OpenSSL functions such as SSL_get_SSL_CTX() to prevent null pointer dereferences. According to Resource 2, the patch merged in pull request #1750 on September 22, 2025, adds comprehensive validation of OpenSSL API return values, closing this and related issues. Therefore, upgrading to the patched libcoap version after this pull request is merged is recommended. If an immediate upgrade is not possible, consider disabling DTLS support or restricting access to the affected service to trusted clients only, to reduce exposure to crafted DTLS handshakes that trigger the vulnerability. [2]
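As an added illustration of the CWE-476 pattern described in the explanation above and of the fix described in the mitigation answer (validating OpenSSL return values), here is a model DTLS cookie callback written with the missing check beside the hardened version. This is not libcoap's coap_dtls_generate_cookie() or OpenSSL's code: model_ssl, model_ssl_ctx, model_get_ssl_ctx(), toy_mac() and the constructed secret and peer values are assumptions standing in for OpenSSL's SSL, SSL_CTX and SSL_get_SSL_CTX() so the example runs offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the CWE-476 pattern and its fix. The types below are
 * stand-ins, not libcoap or OpenSSL code; SSL_get_SSL_CTX() is modelled by
 * model_get_ssl_ctx(), which can return NULL just as the real call can. */

#define COOKIE_LEN 8

typedef struct {
    unsigned char secret[16];   /* per-context cookie secret (constructed) */
} model_ssl_ctx;

typedef struct {
    model_ssl_ctx *ctx;         /* may be NULL while a handshake is in flight */
    const char *peer;           /* peer address as text, e.g. "[fd00::1]:5684" */
} model_ssl;

/* Stand-in for SSL_get_SSL_CTX(): NULL when no context is attached. */
static model_ssl_ctx *model_get_ssl_ctx(const model_ssl *ssl)
{
    return ssl ? ssl->ctx : NULL;
}

/* Toy keyed mix (FNV-1a over secret || peer) so the cookie is bound to the
 * peer. A real implementation uses an HMAC; this only keeps the example
 * self-contained. */
static uint64_t toy_mac(const unsigned char *key, size_t keylen, const char *msg)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < keylen; i++) { h ^= key[i]; h *= 1099511628211ULL; }
    for (; *msg; msg++) { h ^= (unsigned char)*msg; h *= 1099511628211ULL; }
    return h;
}

/* Vulnerable shape: the context pointer is used without a NULL check.
 * With ctx == NULL the ctx->secret access dereferences NULL and the
 * process crashes (the denial of service described on this page). */
static int cookie_cb_unchecked(model_ssl *ssl, unsigned char *cookie, unsigned int *len)
{
    model_ssl_ctx *ctx = model_get_ssl_ctx(ssl);
    uint64_t mac = toy_mac(ctx->secret, sizeof ctx->secret, ssl->peer);
    memcpy(cookie, &mac, COOKIE_LEN);
    *len = COOKIE_LEN;
    return 1;
}

/* Hardened shape: every pointer the callback depends on is validated and the
 * callback fails closed. Returning 0 follows the cookie-callback convention
 * for "could not generate a cookie": only that handshake attempt is aborted,
 * the server keeps running. */
static int cookie_cb_checked(model_ssl *ssl, unsigned char *cookie, unsigned int *len)
{
    if (ssl == NULL || cookie == NULL || len == NULL)
        return 0;
    model_ssl_ctx *ctx = model_get_ssl_ctx(ssl);
    if (ctx == NULL || ssl->peer == NULL)
        return 0;
    uint64_t mac = toy_mac(ctx->secret, sizeof ctx->secret, ssl->peer);
    memcpy(cookie, &mac, COOKIE_LEN);
    *len = COOKIE_LEN;
    return 1;
}

/* Constructed sessions: one with a context attached, one without. */
static void make_sessions(model_ssl_ctx *ctx, model_ssl *good, model_ssl *bad)
{
    memset(ctx->secret, 0x5a, sizeof ctx->secret);
    good->ctx = ctx;  good->peer = "[fd00::1]:5684";
    bad->ctx = NULL;  bad->peer = "[fd00::1]:5684";
}

/* 1 if the hardened callback refuses the session that has no context. */
int demo_checked_rejects_null_ctx(void)
{
    model_ssl_ctx ctx; model_ssl good, bad; unsigned char c[COOKIE_LEN]; unsigned int n = 0;
    make_sessions(&ctx, &good, &bad);
    return cookie_cb_checked(&bad, c, &n) == 0 && n == 0;
}

/* 1 if both callbacks produce the same 8-byte cookie on a valid session,
 * i.e. the check changes nothing for well-formed handshakes. */
int demo_checked_matches_unchecked_on_valid_session(void)
{
    model_ssl_ctx ctx; model_ssl good, bad;
    unsigned char c1[COOKIE_LEN], c2[COOKIE_LEN]; unsigned int n1 = 0, n2 = 0;
    make_sessions(&ctx, &good, &bad);
    int r1 = cookie_cb_checked(&good, c1, &n1);
    int r2 = cookie_cb_unchecked(&good, c2, &n2);
    return r1 == 1 && r2 == 1 && n1 == COOKIE_LEN && n2 == COOKIE_LEN
        && memcmp(c1, c2, COOKIE_LEN) == 0;
}

int main(void)
{
    printf("hardened callback rejects missing context: %d\n", demo_checked_rejects_null_ctx());
    printf("same cookie on a valid session:             %d\n",
           demo_checked_matches_unchecked_on_valid_session());
    /* cookie_cb_unchecked() is deliberately never called on the NULL-context
     * session: that is the crash the fix prevents. */
    return 0;
}
```

The point of the two wrappers is that the fix is free for legitimate handshakes (identical cookies) and only changes behaviour on the path where the context lookup fails, where a single rejected handshake replaces a process crash.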
How can this vulnerability impact me?
The vulnerability can be exploited by remote attackers to cause a denial of service (DoS) by crashing the libcoap application during a specially crafted DTLS handshake. This crash results from a NULL pointer dereference, which disrupts normal operation and availability of the affected service.