漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling
Vulnerability Description
libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
libcoap 安全漏洞
Vulnerability Description
libcoap是obgm开源的一个轻量级应用程序协议的 C 实现。 libcoap存在安全漏洞,该漏洞源于OSCORE附录B.2 CBOR解包处理中的越界读取,可能导致通过整数环绕触发堆缓冲区溢出写入。
CVSS Information
N/A
Vulnerability Type
N/A