
10043 matches found

NVD
added 2025/11/24 2:15 p.m., 4 views

CVE-2025-65496

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

4.3 CVSS, 0.00226 EPSS
Exploits 0, References 2
OSV
added 2025/11/24 2:15 p.m., 2 views

DEBIAN-CVE-2025-65496

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

4.3 CVSS, 5.3 AI score, 0.00226 EPSS
Exploits 0, References 1
OSV
added 2025/11/24 2:15 p.m., 2 views

CVE-2025-65496

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

4.3 CVSS, 6.6 AI score
Exploits 0, References 2
OSV
added 2025/11/24 2:15 p.m., 1 views

DEBIAN-CVE-2025-65493

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data to return NULL...

7.5 CVSS, 5.3 AI score, 0.00331 EPSS
Exploits 0, References 1
OSV
added 2025/11/24 2:15 p.m., 2 views

UBUNTU-CVE-2025-65500

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

4.3 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits 0, References 4
OSV
added 2025/11/24 2:15 p.m., 3 views

UBUNTU-CVE-2025-65501

Null pointer dereference in coap_dtls_info_callback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data returns NULL...

4.3 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits 0, References 4
CVE
added 2025/11/24 12:00 a.m., 21 views

CVE-2025-65496

CVE-2025-65496 affects libcoap (v4.3.5) with a NULL pointer dereference in coap_dtls_generate_cookie() implemented in src/coap_openssl.c. The flaw can allow a remote attacker to cause a denial of service during a DTLS handshake by triggering SSL_get_SSL_CTX() to return NULL. Public sources repeat...

4.3 CVSS, 6.3 AI score, 0.00226 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2025/11/24 12:00 a.m., 7 views

CVE-2025-65496

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

0.00226 EPSS
Exploits 0, References 2
CVE
added 2025/11/24 12:00 a.m., 15 views

CVE-2025-65497

CVE-2025-65497 describes a NULL pointer dereference in the CoAP library libcoap 4.3.5 (coap_dtls_generate_cookie in src/coap_openssl.c). A crafted DTLS handshake can cause a denial of service by making SSL_get_SSL_CTX() return NULL. Multiple connected advisories note a fix/update to a 4.3.5a rele...

4.3 CVSS, 6.3 AI score, 0.00226 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2025/11/24 12:00 a.m., 27 views

CVE-2025-65502

CVE-2025-65502 affects Cesanta Mongoose before 7.2. The root cause is a null pointer dereference in add_ca_certs() during TLS initialization when SSL_CTX_get_cert_store() returns NULL, allowing a remote attacker to cause a denial of service over the network. The vulnerability is documented across...

4.3 CVSS, 6.3 AI score, 0.00241 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2025/11/24 12:00 a.m., 19 views

CVE-2025-65495

CVE-2025-65495 affects libcoap 4.3.5. The issue is a signedness error in tls_verify_call_back() inside src/coap_openssl.c that can allow a remote attacker to trigger a denial of service by sending a crafted TLS certificate, causing i2d_X509() to return -1 and be misused as a malloc() size. Public...

7.5 CVSS, 6.3 AI score, 0.00219 EPSS
Exploits 0, References 2, Affected Software 1
CNNVD
added 2025/11/24 12:00 a.m., 2 views

Xtool AnyScan App Security Vulnerability

Xtool AnyScan App is an automotive diagnostic mobile application from China-based Xtool. A security vulnerability exists in Xtooltech Xtool AnyScan Android Application version 4.40.40 and earlier, which stems from a lack of SSL certificate validation and could lead to a man-in-the-middle attack...

4.6 CVSS, 6.6 AI score, 0.0015 EPSS
Exploits 1, References 3
Positive Technologies
added 2025/11/24 12:00 a.m., 3 views

PT-2025-47907

Name of the Vulnerable Software and Affected Versions: libcoap version 4.3.5. Description: A flaw exists in libcoap where a NULL pointer dereference in src/coap_openssl.c can lead to a denial of service. This occurs when a crafted DTLS/TLS connection triggers the BIO_get_data function to return NULL...

7.5 CVSS, 6.3 AI score, 0.00331 EPSS
Exploits 0, References 12
Vulnrichment
added 2025/11/24 12:00 a.m., 3 views

CVE-2025-65500

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

6.3 AI score, 0.00226 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/11/24 12:00 a.m., 5 views

PT-2025-47914

NULL pointer dereference in coap_dtls_generate_cookie in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX to return NULL...

6.7 AI score, 0.00226 EPSS
Exploits 0, References 3
RedhatCVE
added 2025/11/22 11:12 p.m., 3 views

CVE-2025-12889

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...

5.4 CVSS, 6.8 AI score, 0.00127 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/11/22 11:12 p.m., 5 views

CVE-2025-11932

The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder...

4.3 CVSS, 6.6 AI score, 0.0024 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/11/22 10:31 p.m., 4 views

CVE-2025-11933

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...

6.5 CVSS, 6.9 AI score, 0.00394 EPSS
Exploits 0, References 1
OSV
added 2025/11/22 7:34 a.m., 1 views

SUSE-SU-2025:4160-1 Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.10.29 fixes various security issues. The following security issues were fixed:
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242882).
- CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md...

7.8 CVSS, 6.7 AI score, 0.00178 EPSS
Exploits 0, References 7
EUVD
added 2025/11/22 12:31 a.m., 3 views

EUVD-2025-198524

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

6.3 CVSS, 6.5 AI score, 0.004 EPSS
Exploits 0, References 3