53 matches found
Influence of Autoencoder Latent Space on Classifying IoT CoAP Attacks
The Internet of Things IoT presents a unique cybersecurity challenge due to its vast network of interconnected, resource-constrained devices. These vulnerabilities not only threaten data integrity but also the overall functionality of IoT systems. This study addresses these challenges by explorin...
CVE-2025-65291
Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...
CVE-2025-65291
Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...
CVE-2025-65291
Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the coapdtlsinfocallback function when a DTLS handshake occurs and SSLgetappdata returns NULL. An attacker can cause the application to crash by initiating a specially crafted DTLS handshake. Remediation...
DEBIAN-CVE-2025-65496
NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...
PT-2025-47912
NULL pointer dereference in coap dtls generate cookie in src/coap openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL get SSL CTX to return NULL...
PT-2025-47914
NULL pointer dereference in coap dtls generate cookie in src/coap openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL get SSL CTX to return NULL...
CVE-2025-65498
CVE-2025-65498 affects libcoap (core library) with a NULL pointer dereference in coap_dtls_generate_cookie() (src/coap_openssl.c) of libcoap 4.3.5, allowing remote attackers to cause a denial of service during a crafted DTLS handshake when SSL_get_SSL_CTX() returns NULL. Public references list li...
EUVD-2025-24861
Malicious code in bioql PyPI...
FreeCoAP 缓冲区错误漏洞
FreeCoAP is a C implementation of the CoAP server, client, and HTTP/CoAP proxy by Keith Cullen, a personal developer. A security vulnerability exists in FreeCoAP version 0.7, which originates in the serverhandleregular function of the testcoapserver.c file and can lead to a denial of service...
[SECURITY] Fedora 41 Update: libcoap-4.3.5-6.fc41
The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...
FreeCoAP Security Vulnerabilities
FreeCoAP is a C implementation of the CoAP server, client, and HTTP/CoAP proxy by Keith Cullen, a personal developer. A security vulnerability exists in FreeCoAP version 0.7, which stems from a problem with the coapmsg.c file that allows remote attackers to cause a denial of service or informatio...
Fedora: Security Advisory (FEDORA-2024-75863445ff)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: libcoap-4.3.4a-2.fc39
The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...
PT-2023-12817 · Qualcomm · 9205 Lte Modem Firmware +7
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue is related to memory corruption in a modem, caused by improper input validation when handling incoming CoAP messages. Recommendations: At the moment, there is no information...
PT-2023-13238 · Qualcomm · 9205 Lte Modem Firmware +18
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to memory corruption in a modem. This occurs due to an improper check while calculating the size of a serialized CoAP message, leading to potential exploitation...
Design/Logic Flaw
Eclipse Californium is a Java implementation of RFC7252 - Constrained Application Protocol for IoT Cloud services. In versions prior to 3.7.0, and 2.7.4, Californium is vulnerable to a Denial of Service. Failing handshakes don't cleanup counters for throttling, causing the threshold to be reached...
Eclipse Wakaama 缓冲区错误漏洞
Eclipse Wakaama is a C-based, open source implementation of the OMA LWM2M protocol from the Eclipse Foundation. A buffer error vulnerability exists in Eclipse Wakaama versions 2021-01-14 and earlier, which stems from the CoAP parsing code failing to properly clean up data received over the networ...
PT-2022-11359 · Eclipse · Eclipse Wakaama
Name of the Vulnerable Software and Affected Versions: Eclipse Wakaama versions prior to 2021-01-14 Description: The issue arises from the CoAP parsing code in Eclipse Wakaama, which fails to properly sanitize network-received data. This has been the case since the inception of Eclipse Wakaama...