CVE-2025-34468
Unknown Unknown - Not Provided
Stack-Based Buffer Overflow in libcoap Proxy Enables RCE

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: VulnCheck

Description
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-31
Last Modified
2025-12-31
Generated
2026-06-16
AI Q&A
2025-12-31
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34468
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
obgm libcoap 4.3.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-34468 is a stack-based buffer overflow vulnerability in the libcoap library (versions up to 4.3.5 before a specific fix). It occurs during address resolution when an attacker-controlled hostname longer than 255 bytes is copied into a fixed 256-byte stack buffer without proper bounds checking. This improper validation allows a remote attacker to cause a crash or potentially execute arbitrary code remotely if the proxy logic is enabled in the application using libcoap. [1, 2, 4]

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to trigger a denial of service (application crash) or potentially achieve remote code execution on systems using vulnerable versions of libcoap with proxy logic enabled. The severity is high, and exploitation depends on compiler options and runtime memory protections, but it poses significant security risks including system compromise. [4, 1, 2]

Detection Guidance

Detection can focus on identifying CoAP URIs with host names longer than 255 characters, which trigger the vulnerability. Since the issue occurs when proxy logic is enabled and processes such hostnames, monitoring logs for warnings like "Host name too long" or "Hostname > 255 chars" can help detect attempts. Additionally, using tools or scripts to scan CoAP traffic for URIs with excessively long hostnames may be effective. Specific commands are not provided in the resources, but checking application logs for the mentioned warnings or using network capture tools (e.g., tcpdump, Wireshark) to filter CoAP traffic and analyze URI host lengths could be practical approaches. [1, 4]

Mitigation Strategies

Immediate mitigation steps include updating libcoap to version 4.3.5 or later, which contains patches that add proper validation of host name lengths to prevent buffer overflow. If updating is not immediately possible, disabling the proxy logic in applications using libcoap can reduce exposure, as exploitation requires proxy request handling to be enabled. Monitoring for suspicious CoAP URIs with overly long hostnames and applying runtime protections or compiler options that harden against buffer overflows may also help mitigate risk. [1, 2, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34468. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart