CVE-2026-58465
Status: Received - Intake

Memory Exhaustion in Eclipse Wakaama CoAP Block1 Handler

Vulnerability report for CVE-2026-58465, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: VulnCheck

Description

Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers. Attackers can target the registration endpoint over UDP without authentication, causing the server to repeatedly reallocate a growing accumulation buffer by appending each block payload without enforcing any maximum total size limit, resulting in denial of service through memory exhaustion.


Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-03
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor: eclipse
Product: wakaama
Version / Range: up to 2026-05-26 (excluding)

Exploitability

CWE-770: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Executive Summary

CVE-2026-58465 is an unbounded memory allocation vulnerability in the Eclipse Wakaama library's CoAP Block1 handler. It occurs because the server does not enforce any maximum total size limit when processing a sequence of Block1 PUT requests with incrementing block numbers. An unauthenticated remote attacker can exploit this by sending many such requests to the registration endpoint over UDP, causing the server to repeatedly reallocate and grow a memory buffer without limits.

This results in the server exhausting its memory resources, leading to a denial of service condition.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can impact you by allowing unauthenticated attackers to cause a denial of service on your server running Eclipse Wakaama. By exploiting the unbounded memory allocation flaw, attackers can exhaust the server's memory, potentially causing it to crash or become unresponsive.

This can disrupt services relying on the affected server, leading to downtime and loss of availability.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or excessive Block1 PUT requests with incrementing block numbers targeting the registration endpoint over UDP. Such traffic patterns may indicate an attempt to exploit the unbounded memory allocation flaw.

Network detection can involve capturing and analyzing CoAP traffic on UDP ports used by the Eclipse Wakaama server, looking specifically for sequences of Block1 PUT requests with increasing block numbers.

Suggested commands use packet capture tools such as tcpdump or Wireshark (tshark) to capture CoAP traffic and then extract the Block option fields of PUT requests (CoAP code 3), per source address, so that incrementing block-number runs stand out:

  • tcpdump -i <interface> udp port <CoAP_port> -w capture.pcap
  • tshark -r capture.pcap -Y "coap.code == 3 && coap.opt.block_number" -T fields -e ip.src -e coap.opt.block_number -e coap.opt.block_mflag

These commands help capture and analyze CoAP Block1 options to identify sequences of incrementing block numbers that may indicate exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include applying the official patch or update that introduces a configurable maximum message size limit (LWM2M_COAP_MAX_MESSAGE_SIZE) to prevent unbounded memory allocation.

This patch causes the server to respond with a COAP_413_ENTITY_TOO_LARGE error when a Block1 message exceeds the allowed size, effectively preventing memory exhaustion.
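As an added illustration, not Wakaama's own code, the following minimal Block1 reassembly buffer enforces a maximum total size the way the fix described above does: the cap is checked before every reallocation, and an oversized or out-of-sequence transfer frees the partial body and returns a 4.13 or 4.08 result instead of letting the buffer grow. The cap value, the enum values and the names block1_ctx_t, block1_reset and block1_append are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Cap on the reassembled Block1 body. Stands in for the configurable
 * LWM2M_COAP_MAX_MESSAGE_SIZE the fix introduces; 4096 is a constructed value. */
#define LWM2M_COAP_MAX_MESSAGE_SIZE 4096

/* Result codes; the numeric values are illustrative, not Wakaama's. */
enum {
    BLOCK1_OK = 0,                             /* block stored, expect more */
    BLOCK1_COMPLETE = 1,                       /* last block stored */
    COAP_408_REQUEST_ENTITY_INCOMPLETE = 408,  /* block out of sequence */
    COAP_413_ENTITY_TOO_LARGE = 413            /* cap exceeded, transfer dropped */
};

typedef struct {
    uint8_t *data;        /* accumulated payload */
    size_t len;           /* bytes accumulated so far */
    uint32_t next_block;  /* block number expected next */
} block1_ctx_t;

static void block1_reset(block1_ctx_t *ctx) {
    free(ctx->data);
    ctx->data = NULL;
    ctx->len = 0;
    ctx->next_block = 0;
}

/* Appends one Block1 payload. The cap is checked before realloc, so a peer
 * cannot grow the buffer past it one block at a time (the reported flaw). */
int block1_append(block1_ctx_t *ctx, uint32_t block_num, int more,
                  const uint8_t *payload, size_t payload_len) {
    if (block_num != ctx->next_block) {
        block1_reset(ctx);
        return COAP_408_REQUEST_ENTITY_INCOMPLETE;
    }
    if (payload_len > LWM2M_COAP_MAX_MESSAGE_SIZE - ctx->len) {
        block1_reset(ctx);  /* free the partial body instead of growing it */
        return COAP_413_ENTITY_TOO_LARGE;
    }
    uint8_t *grown = realloc(ctx->data, ctx->len + payload_len);
    if (grown == NULL) { block1_reset(ctx); return COAP_413_ENTITY_TOO_LARGE; }
    memcpy(grown + ctx->len, payload, payload_len);
    ctx->data = grown;
    ctx->len += payload_len;
    ctx->next_block = block_num + 1;
    return more ? BLOCK1_OK : BLOCK1_COMPLETE;
}
```

Because the check runs before realloc, the accumulated body can never exceed the cap, and a rejected transfer releases what it had already accumulated.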

If patching is not immediately possible, consider implementing network-level controls such as rate limiting or filtering UDP traffic to the registration endpoint to block suspicious sequences of Block1 PUT requests.

Monitoring and alerting on unusual CoAP traffic patterns can also help detect and respond to exploitation attempts promptly.
