Overview
CVE-2025-65499 is a critical vulnerability discovered in OISM libcoap version 4.3.5. This array index error resides in the tls_verify_call_back() function within src/coap_openssl.c. This flaw allows remote attackers to potentially trigger a denial-of-service (DoS) condition on affected systems by sending a specially crafted DTLS handshake.

Technical Details
The vulnerability stems from an array index error in the tls_verify_call_back() function. Specifically, the issue occurs when SSL_get_ex_data_X509_STORE_CTX_idx() returns -1. This unexpected return value, when not properly handled, leads to an out-of-bounds access when used as an index. An attacker can exploit this by crafting a malicious DTLS handshake that forces SSL_get_ex_data_X509_STORE_CTX_idx() to…

Overview
CVE-2025-65498 describes a NULL pointer dereference vulnerability found in OISM libcoap version 4.3.5. This vulnerability resides in the coap_dtls_generate_cookie() function within src/coap_openssl.c. Remote attackers can exploit this flaw to trigger a denial-of-service (DoS) condition by sending a specially crafted DTLS handshake. This handshake causes SSL_get_SSL_CTX() to return NULL, leading to a crash when the code attempts to dereference this NULL pointer.

Technical Details
The vulnerability occurs because the coap_dtls_generate_cookie() function does not adequately check for a NULL return value from the SSL_get_SSL_CTX() function before attempting to use the returned pointer. Specifically, a crafted DTLS handshake can be constructed in…

Overview
CVE-2025-65497 is a security vulnerability affecting libcoap version 4.3.5, a popular library for implementing the Constrained Application Protocol (CoAP). This vulnerability stems from a NULL pointer dereference within the coap_dtls_generate_cookie() function, potentially leading to a Denial of Service (DoS) attack. An attacker can exploit this by sending a specially crafted DTLS handshake, causing SSL_get_SSL_CTX() to return NULL and triggering the dereference.

Technical Details
The vulnerability resides in src/coap_openssl.c within the coap_dtls_generate_cookie() function. Specifically, the function fails to properly handle a NULL return value from SSL_get_SSL_CTX() during DTLS handshake processing. This leads to a NULL pointer dereference when the code…

Overview
CVE-2025-65496 is a security vulnerability found in OISM’s libcoap version 4.3.5. Specifically, a NULL pointer dereference occurs within the coap_dtls_generate_cookie() function in the src/coap_openssl.c file. This flaw can be exploited by remote attackers to trigger a denial-of-service (DoS) condition on affected systems. The vulnerability is triggered by a specially crafted DTLS handshake that causes SSL_get_SSL_CTX() to return a NULL value.

Technical Details
The vulnerability arises when the coap_dtls_generate_cookie() function attempts to dereference a potentially NULL pointer returned by SSL_get_SSL_CTX() during a DTLS handshake. If the SSL context is not properly initialized or becomes invalid, this function can return NULL.…

Overview
CVE-2025-65495 describes a denial-of-service (DoS) vulnerability found in OISM libcoap version 4.3.5. This vulnerability is triggered by an integer signedness error within the tls_verify_call_back() function in src/coap_openssl.c. A remote attacker can exploit this vulnerability by sending a specially crafted TLS certificate, leading to a memory allocation failure and subsequent service disruption.

Technical Details
The vulnerability stems from how libcoap handles the return value of the i2d_X509() function when verifying TLS certificates. Specifically, i2d_X509(), which serializes an X.509 certificate to DER format, can return -1 on failure. The tls_verify_call_back() function in src/coap_openssl.c incorrectly interprets this -1 value as a valid…

Overview
CVE-2025-65494 describes a NULL pointer dereference vulnerability found in OISM libcoap version 4.3.5. This vulnerability resides in the get_san_or_cn_from_cert() function within the src/coap_openssl.c file. A remote attacker can exploit this flaw to trigger a denial-of-service (DoS) condition by sending a specially crafted X.509 certificate to a vulnerable server. The vulnerability occurs when the sk_GENERAL_NAME_value() function unexpectedly returns NULL, leading to a NULL pointer dereference within the calling code.

Technical Details
The get_san_or_cn_from_cert() function is responsible for extracting the Subject Alternative Name (SAN) or Common Name (CN) from an X.509 certificate. The function iterates through the GENERAL_NAME entries within the…

Overview
CVE-2025-65493 describes a NULL pointer dereference vulnerability found in OISM libcoap version 4.3.5. This flaw resides in the src/coap_openssl.c file and can be exploited by remote attackers. By sending a specially crafted DTLS/TLS connection request, an attacker can trigger the BIO_get_data() function to return NULL. This results in a NULL pointer dereference, ultimately leading to a denial-of-service (DoS) condition.

Technical Details
The vulnerability stems from improper handling of the return value of BIO_get_data() within the coap_openssl.c file. The code doesn’t adequately check if BIO_get_data() returns NULL before attempting to dereference the pointer. A malicious actor can leverage this by…

Overview
CVE-2025-41017 describes an inadequate access control vulnerability found in Davantis DDFUSION version 6.177.7. This flaw allows unauthorized actors to retrieve perspective parameters from security camera settings. The vulnerability can be exploited by accessing the “/cameras/<CAMERA_ID>/perspective” endpoint without proper authentication or authorization checks.

Technical Details
The core of the vulnerability lies in the lack of proper access controls on the “/cameras/<CAMERA_ID>/perspective” endpoint within the Davantis DDFUSION application. An attacker who can reach this endpoint (which might be possible through network reconnaissance or other vulnerabilities) can retrieve sensitive camera perspective parameters. These parameters are likely used to calibrate the camera’s view…

Overview
CVE-2025-40212 describes a refcount leak vulnerability found in the Network File System daemon (NFSd) implementation within the Linux kernel. Specifically, the issue resides within the nfsd_set_fh_dentry() function. This flaw could potentially lead to a use-after-free condition and a subsequent denial-of-service (DoS) attack. The vulnerability primarily affects scenarios where NFSv3 (or v2) clients interact with the pseudo root filesystem, which is normally reserved for NFSv4.

Technical Details
The vulnerability arises due to an error handling issue in nfsd_set_fh_dentry(). When a version 3 (or version 2) NFS client attempts to utilize a filehandle originating from the NFSd’s pseudo root filesystem, the…

Overview
CVE-2025-12628 identifies a security vulnerability within the WP 2FA WordPress plugin. This vulnerability stems from the plugin’s method of generating backup codes for two-factor authentication. The backup codes lack sufficient entropy, making them susceptible to brute-force attacks. A successful brute-force attack allows an attacker to bypass the second factor, gaining unauthorized access to the WordPress account.

Technical Details
The core issue lies in the algorithm used by the WP 2FA plugin to generate backup codes. Instead of utilizing a cryptographically secure random number generator (CSPRNG) with a sufficient number of bits of entropy, the plugin employs a less robust…