CVE-2025-65498
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-12-01
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libcoap | libcoap | 4.3.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the libcoap library version 4.3.5, specifically in the function coap_dtls_generate_cookie() within the OpenSSL integration code. It occurs because the function SSL_get_SSL_CTX() can return NULL, indicating an invalid or uninitialized SSL object, but libcoap does not check for this NULL return value. As a result, libcoap passes this NULL pointer to other OpenSSL functions, leading to a segmentation fault (crash) during the DTLS handshake process. [2]
How can this vulnerability impact me? :
This vulnerability can cause a denial of service (DoS) by crashing the application using libcoap during the DTLS handshake. An attacker can exploit this by sending a crafted DTLS handshake message that triggers the NULL pointer dereference, causing the application to crash and become unavailable. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or segmentation faults in applications using libcoap 4.3.5 during DTLS handshake processing. Specifically, look for crash logs indicating null pointer dereferences or segmentation faults in coap_openssl.c related to SSL_get_SSL_CTX() returning NULL. Using AddressSanitizer or similar memory error detection tools can help identify the issue. Additionally, network traffic analysis tools could be used to detect crafted DTLS handshake packets that trigger the vulnerability, but no specific commands are provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating libcoap to a version that includes the fix for this vulnerability, such as the patched version after the pull request #1750 was merged. The fix involves adding proper checks for the return value of SSL_get_SSL_CTX() to prevent null pointer dereferences. If updating is not immediately possible, consider applying the patch from pull request #1750 manually, which adds comprehensive validation of OpenSSL API return values to prevent crashes. Additionally, monitoring and restricting untrusted DTLS handshake traffic may reduce exposure until the patch is applied. [1, 2]