CVE Alert

CVE-2025-34468

UNKNOWN 0.0

libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
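The bounds check this class of bug calls for, as an added example (not libcoap's code and not the change in commit 30db3ea): a length-delimited hostname is copied into a 256-byte stack buffer only after its length is compared against the buffer size. The names `host_view_t`, `copy_host_checked` and `resolve_host` are hypothetical, and rejecting embedded NUL bytes is an extra assumption of this sketch.

```c
#include <stddef.h>
#include <string.h>

#define HOST_BUF_SIZE 256 /* buffer size stated in the advisory */

/* Hypothetical length-delimited string: hostname bytes taken from a
 * request are not NUL-terminated. Not a libcoap type. */
typedef struct {
    const unsigned char *s;
    size_t length;
} host_view_t;

/* Copy host into dst and NUL-terminate it. Returns 0 on success, -1 when
 * the name is empty, does not fit with its terminator, or has an embedded
 * NUL. The unsafe pattern is the memcpy below without the length test. */
int copy_host_checked(char *dst, size_t dst_size, const host_view_t *host)
{
    if (dst == NULL || dst_size == 0 || host == NULL || host->s == NULL)
        return -1;
    if (host->length == 0 || host->length >= dst_size)
        return -1; /* reserve one byte for the terminator */
    if (memchr(host->s, '\0', host->length) != NULL)
        return -1; /* would silently truncate the name for the resolver */
    memcpy(dst, host->s, host->length);
    dst[host->length] = '\0';
    return 0;
}

/* Hypothetical resolver entry point: the stack buffer is only written
 * through the checked copy. Reports the accepted name length. */
int resolve_host(const host_view_t *host, size_t *out_len)
{
    char name[HOST_BUF_SIZE];

    if (out_len == NULL || copy_host_checked(name, sizeof(name), host) != 0)
        return -1;
    /* name would be handed to the system resolver here */
    *out_len = strlen(name);
    return 0;
}

int main(void)
{
    unsigned char big[300]; /* constructed oversized input */
    host_view_t h = { big, sizeof(big) };
    size_t n = 0;

    memset(big, 'a', sizeof(big));
    return resolve_host(&h, &n) == -1 ? 0 : 1; /* oversized name rejected */
}
```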

CWE: CWE-121
Vendor: libcoap
Product: libcoap
Published: Dec 31, 2025
Last Updated: Mar 23, 2026

Affected Versions

libcoap / libcoap
0 ≤ 4.3.5

References

github.com: https://github.com/obgm/libcoap/pull/1737
github.com: https://github.com/obgm/libcoap/commit/30db3ea
libcoap.net: https://libcoap.net/
vulncheck.com: https://www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce

Credits

SecMate