CVE-2026-29013

UNKNOWN 0.0

libcoap Out-of-Bounds Read in OSCORE CBOR Unwrap Handling

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation.

CWE	CWE-125
Vendor	libcoap
Product	libcoap
Published	Apr 17, 2026

Stay Ahead of the Next One

Get instant alerts for libcoap libcoap

Be the first to know when new unknown vulnerabilities affecting libcoap libcoap are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

libcoap / libcoap

0 < v4.3.5b

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/obgm/libcoap/commit/b7847c4dbb0dbee7c90b09a673d4cae256f03718 vulncheck.com: https://www.vulncheck.com/advisories/libcoap-out-of-bounds-read-in-oscore-cbor-unwrap-handling

Credits

Kazuma Matsumoto