CVE-2026-29013
Out-of-Bounds Read and Heap Overflow in libcoap OSCORE Parsing
Publication date: 2026-04-17
Last updated on: 2026-04-20
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libcoap | libcoap | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in libcoap's handling of OSCORE Appendix B.2 CBOR unwrap processing. Specifically, the function get_byte_inc() in src/oscore/oscore_cbor.c uses assert() for bounds checking, which is removed in release builds compiled with NDEBUG. As a result, attackers can send specially crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation. This can trigger out-of-bounds reads during CBOR parsing and may lead to heap buffer overflow writes caused by integer wraparound in allocation size calculations.
How can this vulnerability impact me? :
The vulnerability can allow attackers to cause out-of-bounds memory reads and potentially heap buffer overflow writes. This can lead to memory corruption, which might be exploited to crash the application, cause denial of service, or execute arbitrary code remotely without any privileges or user interaction.