[SECURITY] Fedora 42 Update: libcoap-4.3.5b-1.fc42

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

[SECURITY] Fedora 43 Update: libcoap-4.3.5b-1.fc43

The Constrained Application Protocol CoAP is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Inter net of Things. The protocol is designed for machine-to-machine M2M applications such as smart energy and building automation. libcoap implements a...

Fedora 43 : libcoap (2026-0ce923a09d)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0ce923a09d advisory. Update to 4.3.5b Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Fedora 42 : libcoap (2026-a8ee24f019)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a8ee24f019 advisory. Update to 4.3.5b Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Fedora 44 : libcoap (2026-148e35657a)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-148e35657a advisory. Update to 4.3.5b Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

OPENSUSE-SU-2026:10592-1 libcoap-devel-4.3.5b-1.1 on GA media

These are all security issues fixed in the libcoap-devel-4.3.5b-1.1 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

Linux Distros Unpatched Vulnerability : CVE-2026-29013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the getbyteinc function during CBOR parsing in OSCORE negotiation. An attacker can access sensitive memory contents or cause a heap buffer overflow by sending specially crafted CoAP requests with malformed OSCORE...

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

DEBIAN-CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

UBUNTU-CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013 libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

CVE-2026-29013

CVE-2026-29013 affects libcoap with out-of-bounds read vulnerabilities in OSCORE CBOR unwrap handling (get_byte_inc in src/oscore/oscore_cbor.c relies on assert for bounds, removed under NDEBUG). Attackers can send crafted CoAP messages during OSCORE negotiation to trigger reads beyond bounds, po...

CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where getbyteinc in src/oscore/oscorecbor.c relies solely on assert for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed...

libcoap 安全漏洞

Libcoap is a lightweight application protocol implementation developed by ObgM. Libcoap has a security vulnerability, which stems from out-of-bounds read operations during the CBOR decapsulation processing in OSCORE Appendix B.2. This vulnerability may lead to a heap buffer overflow attack throug...

SUSE CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...