CVE-2026-29013 libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013

CVE-2026-29013 affects libcoap with out-of-bounds read vulnerabilities in OSCORE CBOR unwrap handling (get_byte_inc in src/oscore/oscore_cbor.c relies on assert for bounds, removed under NDEBUG). Attackers can send crafted CoAP messages during OSCORE negotiation to trigger reads beyond bounds, po...

CVE-2026-1678

CVE-2026-1678 affects Zephyr’s DNS name parser. The function dns_unpack_name() caches the buffer tailroom and reuses it when appending DNS labels; as the buffer grows, the cached size can become incorrect, allowing the final null terminator to be written past the buffer. With assertions disabled ...

PT-2023-28454 · Zephyr · Zephyr

Name of the Vulnerable Software and Affected Versions: Zephyr affected versions not specified Description: The issue is related to a possible buffer overflow in the Zephyr mgmt subsystem when asserts are disabled. Recommendations: At the moment, there is no information about a newer version that...

CVE-2023-5753

CVE-2023-5753 concerns the Zephyr RTOS Bluetooth subsystem. The provided documents consistently identify a potential buffer overflow caused by asserts being disabled in the file subsys/bluetooth/host/hci_core.c. The vulnerability is described across multiple sources (NVD, Red Hat, CVE lists, Vera...

CVE-2023-5753 Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hcicore.c...

PT-2023-8755 · Zephyr · Zephyr

Name of the Vulnerable Software and Affected Versions: Zephyr affected versions not specified Description: The issue is related to potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci core.c. This vulnerability is associated with...

CVE-2023-4262

Rejected reason: User data field is not attacker controlled...

Buffer overflow

Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled...

CVE-2023-4262

CVE-2023-4262 is associated with a potential buffer overflow in Zephyr’s management subsystem when asserts are disabled (reported by PT-2023-28454). The connected Veracode record cites a buffer overflow in libzephyr.so caused by the CLFS driver, suggesting the attacker could trigger via a special...

unbound: assertion failure and denial of service in synth_cname

A flaw was found in unbound. A reachable assertion in the synthcname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dnamepktcopy function. The highest threat from this vulnerability...

python: PyString_FromStringAndSize does not check for negative size values

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyStringFromStringAndSize function, which allocates less memory than expected when assert is disabled and triggers a buffer overflow...