CVE-2026-29013 | THREATINT

Description

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause out-of-bounds reads through integer wraparound in allocation size computation.

PUBLISHED Reserved 2026-03-03 | Published 2026-04-17 | Updated 2026-05-25 | Assigner VulnCheck

HIGH: 8.8CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-125: Out-of-bounds Read

Product status

Default status

unknown

Any version before v4.3.5b

affected

Credits

Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc. finder

References

github.com/...ommit/b7847c4dbb0dbee7c90b09a673d4cae256f03718 patch

cve.org (CVE-2026-29013)

nvd.nist.gov (CVE-2026-29013)

Download JSON