CVE-2025-59391
CVE-2025-59391 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Libcoap | Libcoap | < 4.3.5a |
References
- https://github.com/obgm/libcoap/pull/1730 (Issue Tracking, Patch)
- https://github.com/obgm/libcoap/releases/tag/v4.3.5a (Release Notes)
Source: NVD / NIST
