CVE-2024-0962 MEDIUM

CVE-2024-0962: obgm libcoap Configuration File coap_oscore.c get_split_entry stack-based overflow

Vendor Obgm
Product libcoap
Weakness CWE-121
Published January 27, 2024
Last update June 17, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

January 27, 2024 CVE published
June 17, 2025 Record updated