CVE-2025-34468
Stack-Based Buffer Overflow in libcoap Proxy Enables RCE

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: VulnCheck

Description
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
Meta Information
Published: 2025-12-31
Last Modified: 2025-12-31
Generated: 2026-05-06
AI Q&A: 2025-12-31
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor | Product | Version / Range
obgm | libcoap | 4.3.5
CWE ID | Description
CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-34468 is a stack-based buffer overflow vulnerability in the libcoap library (versions up to 4.3.5 before a specific fix). It occurs during address resolution when an attacker-controlled hostname longer than 255 bytes is copied into a fixed 256-byte stack buffer without proper bounds checking. This improper validation allows a remote attacker to cause a crash or potentially execute arbitrary code remotely if the proxy logic is enabled in the application using libcoap. [1, 2, 4]


How can this vulnerability impact me?

This vulnerability can impact you by allowing a remote attacker to trigger a denial of service (application crash) or potentially achieve remote code execution on systems using vulnerable versions of libcoap with proxy logic enabled. The severity is high, and exploitation depends on compiler options and runtime memory protections, but it poses significant security risks including system compromise. [4, 1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can focus on identifying CoAP URIs with host names longer than 255 characters, which trigger the vulnerability. Since the issue occurs when proxy logic is enabled and processes such hostnames, monitoring logs for warnings like "Host name too long" or "Hostname > 255 chars" can help detect attempts. Additionally, using tools or scripts to scan CoAP traffic for URIs with excessively long hostnames may be effective. Specific commands are not provided in the resources, but checking application logs for the mentioned warnings or using network capture tools (e.g., tcpdump, Wireshark) to filter CoAP traffic and analyze URI host lengths could be practical approaches. [1, 4]
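
An added example, not part of the original advisory or of libcoap: a Python parser that walks the options of a raw CoAP-over-UDP datagram and reports any Uri-Host (option 3) or Proxy-Uri (option 35) whose host is longer than 255 bytes, the condition the answer above says to look for. The function names, the constructed sample bytes and the use of `urlsplit` to extract the host are assumptions made for illustration.

```python
"""Flag CoAP messages whose Uri-Host or Proxy-Uri host is longer than 255 bytes."""
from urllib.parse import urlsplit

URI_HOST, PROXY_URI = 3, 35  # CoAP option numbers (RFC 7252)
MAX_HOST = 255               # per the advisory, longer hosts overflow the 256-byte buffer

# Constructed sample: CON GET, no token, Proxy-Uri = coap://example.com/a
SAMPLE = bytes.fromhex("40010001dd1607") + b"coap://example.com/a"

def _ext(nibble, data, pos):
    """Decode an option delta or length nibble plus its extended bytes."""
    if nibble < 13:
        return nibble, pos
    if nibble == 15:
        raise ValueError("reserved option nibble")
    size, base = (1, 13) if nibble == 13 else (2, 269)
    if pos + size > len(data):
        raise ValueError("truncated option header")
    return int.from_bytes(data[pos:pos + size], "big") + base, pos + size

def coap_options(msg):
    """Yield (number, value) for each option of a CoAP-over-UDP message."""
    if len(msg) < 4 or msg[0] >> 6 != 1 or msg[0] & 0x0F > 8:
        raise ValueError("not a CoAP version 1 message")
    pos, number = 4 + (msg[0] & 0x0F), 0        # skip fixed header and token
    while pos < len(msg) and msg[pos] != 0xFF:  # 0xFF starts the payload
        first = msg[pos]
        delta, pos = _ext(first >> 4, msg, pos + 1)
        length, pos = _ext(first & 0x0F, msg, pos)
        if pos + length > len(msg):
            raise ValueError("truncated option value")
        number += delta
        yield number, msg[pos:pos + length]
        pos += length

def oversized_hosts(msg):
    """Return [(option_number, host_length)] for hosts over MAX_HOST bytes."""
    hits = []
    for number, value in coap_options(msg):
        if number == URI_HOST:
            host = value
        elif number == PROXY_URI:
            host = (urlsplit(value.decode("utf-8", "replace")).hostname or "").encode()
        else:
            continue
        if len(host) > MAX_HOST:
            hits.append((number, len(host)))
    return hits
```

Feed it UDP payloads taken from a packet capture of CoAP traffic; a `ValueError` means the datagram did not parse as CoAP and is worth a separate look.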


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating libcoap to version 4.3.5 or later, which contains patches that add proper validation of host name lengths to prevent buffer overflow. If updating is not immediately possible, disabling the proxy logic in applications using libcoap can reduce exposure, as exploitation requires proxy request handling to be enabled. Monitoring for suspicious CoAP URIs with overly long hostnames and applying runtime protections or compiler options that harden against buffer overflows may also help mitigate risk. [1, 2, 4]

