Commit Graph

7 Commits

Author SHA1 Message Date
Ankur Tyagi b45ac4e0ef libcoap: patch CVE-2025-34468
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-34468

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:58 +05:30
Ankur Tyagi e7b55c84bb libcoap: patch CVE-2025-59391
Details https://nvd.nist.gov/vuln/detail/CVE-2025-59391

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:15 +05:30
Ankur Tyagi ba18d52f43 libcoap: ignore CVE-2023-51847
Details https://nvd.nist.gov/vuln/detail/CVE-2023-51847

The vulnerability exists in coap_threadsafe.c but thread safe support was
added in version v4.5.3 [1]

[1] https://github.com/obgm/libcoap/commit/c69c5d5af0a30859e90756f535e2ca21cdeda0b2

$ git tag --contains c69c5d5
v4.3.5
v4.3.5-rc1
v4.3.5-rc2
v4.3.5-rc3
v4.3.5a

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:14 +05:30
Gyorgy Sarvari 8a991e7e3c libcoap: ignore CVE-2025-50518
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518

The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 598176e1cb)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:14 +05:30
Peter Marko ba84c52d55 libcoap: patch CVE-2024-31031
Pick commit [1] from [2] which fixes [3] as listed in [4].

[1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
[2] https://github.com/obgm/libcoap/pull/1352
[3] https://github.com/obgm/libcoap/issues/1351
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-08-02 13:37:04 -04:00
alperak 4e7573011d libcoap: fix CVE-2024-0962
CVE-2024-0962:

A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow.

Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311]

WARNING: libcoap-4.3.4-r0 do_cve_check: Found unpatched CVE (CVE-2024-0962)

This vulnerability is only exist in 4.3.4.

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-14 08:38:42 -07:00
Wang Mingyu b71cd660fc libcoap: upgrade 4.3.3 -> 4.3.4
Changelog:
===========
* Clean up use of tags.
* Support for MacOS with Contiki-NG builds.
* Support for Windows with OpenSSL 3.x builds.
* Reported bugs fixed.
* Documentation updated.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2023-10-23 08:05:01 -07:00