Overview

CVE-2025-65501 identifies a null pointer dereference vulnerability present in OISM’s libcoap version 4.3.5. This flaw can be triggered during a DTLS handshake process when the SSL_get_app_data() function returns a NULL value. Successful exploitation of this vulnerability could lead to a denial-of-service (DoS) condition, potentially disrupting services relying on the affected libcoap library.

Technical Details

The vulnerability resides within the coap_dtls_info_callback() function in libcoap. This function is invoked as part of the DTLS handshake procedure. The issue arises when the SSL_get_app_data() function, which aims to retrieve application-specific data associated with the SSL connection, returns a NULL pointer. The coap_dtls_info_callback() function…
-
Overview

CVE-2025-65500 describes a NULL pointer dereference vulnerability found in the coap_dtls_generate_cookie() function within src/coap_openssl.c of OISM libcoap version 4.3.5. This flaw allows a remote attacker to trigger a denial-of-service (DoS) condition by sending a specially crafted DTLS handshake. Specifically, the vulnerability occurs because the SSL_get_SSL_CTX() function can return NULL under certain conditions, which is then dereferenced, leading to the crash.

Technical Details

The vulnerability lies in the way libcoap handles DTLS handshake processes. During the generation of a cookie for the DTLS handshake, the coap_dtls_generate_cookie() function attempts to retrieve the SSL_CTX object using SSL_get_SSL_CTX(). If this function returns NULL…
-
Overview

CVE-2025-65499 is a critical vulnerability discovered in OISM libcoap version 4.3.5. This array index error resides in the tls_verify_call_back() function within src/coap_openssl.c. This flaw allows remote attackers to potentially trigger a denial-of-service (DoS) condition on affected systems by sending a specially crafted DTLS handshake.

Technical Details

The vulnerability stems from an array index error in the tls_verify_call_back() function. Specifically, the issue occurs when SSL_get_ex_data_X509_STORE_CTX_idx() returns -1. This unexpected return value, when not properly handled, leads to an out-of-bounds access when used as an index. An attacker can exploit this by crafting a malicious DTLS handshake that forces SSL_get_ex_data_X509_STORE_CTX_idx() to…
-
Overview

CVE-2025-65498 describes a NULL pointer dereference vulnerability found in OISM libcoap version 4.3.5. This vulnerability resides in the coap_dtls_generate_cookie() function within src/coap_openssl.c. Remote attackers can exploit this flaw to trigger a denial-of-service (DoS) condition by sending a specially crafted DTLS handshake. This handshake causes SSL_get_SSL_CTX() to return NULL, leading to a crash when the code attempts to dereference this NULL pointer.

Technical Details

The vulnerability occurs because the coap_dtls_generate_cookie() function does not adequately check for a NULL return value from the SSL_get_SSL_CTX() function before attempting to use the returned pointer. Specifically, a crafted DTLS handshake can be constructed in…
-
Overview

CVE-2025-65497 is a security vulnerability affecting libcoap version 4.3.5, a popular library for implementing the Constrained Application Protocol (CoAP). This vulnerability stems from a NULL pointer dereference within the coap_dtls_generate_cookie() function, potentially leading to a Denial of Service (DoS) attack. An attacker can exploit this by sending a specially crafted DTLS handshake, causing SSL_get_SSL_CTX() to return NULL and triggering the dereference.

Technical Details

The vulnerability resides in src/coap_openssl.c within the coap_dtls_generate_cookie() function. Specifically, the function fails to properly handle a NULL return value from SSL_get_SSL_CTX() during DTLS handshake processing. This leads to a NULL pointer dereference when the code…
-
Overview

CVE-2025-65496 is a security vulnerability found in OISM’s libcoap version 4.3.5. Specifically, a NULL pointer dereference occurs within the coap_dtls_generate_cookie() function in the src/coap_openssl.c file. This flaw can be exploited by remote attackers to trigger a denial-of-service (DoS) condition on affected systems. The vulnerability is triggered by a specially crafted DTLS handshake that causes SSL_get_SSL_CTX() to return a NULL value.

Technical Details

The vulnerability arises when the coap_dtls_generate_cookie() function attempts to dereference a potentially NULL pointer returned by SSL_get_SSL_CTX() during a DTLS handshake. If the SSL context is not properly initialized or becomes invalid, this function can return NULL.…
-
Overview

CVE-2025-65495 describes a denial-of-service (DoS) vulnerability found in OISM libcoap version 4.3.5. This vulnerability is triggered by an integer signedness error within the tls_verify_call_back() function in src/coap_openssl.c. A remote attacker can exploit this vulnerability by sending a specially crafted TLS certificate, leading to a memory allocation failure and subsequent service disruption.

Technical Details

The vulnerability stems from how libcoap handles the return value of the i2d_X509() function when verifying TLS certificates. Specifically, i2d_X509(), which serializes an X.509 certificate to DER format, can return -1 on failure. The tls_verify_call_back() function in src/coap_openssl.c incorrectly interprets this -1 value as a valid…
-
Overview

CVE-2025-65494 describes a NULL pointer dereference vulnerability found in OISM libcoap version 4.3.5. This vulnerability resides in the get_san_or_cn_from_cert() function within the src/coap_openssl.c file. A remote attacker can exploit this flaw to trigger a denial-of-service (DoS) condition by sending a specially crafted X.509 certificate to a vulnerable server. The vulnerability occurs when the sk_GENERAL_NAME_value() function unexpectedly returns NULL, leading to a NULL pointer dereference within the calling code.

Technical Details

The get_san_or_cn_from_cert() function is responsible for extracting the Subject Alternative Name (SAN) or Common Name (CN) from an X.509 certificate. The function iterates through the GENERAL_NAME entries within the…
-
Overview

CVE-2025-65493 describes a NULL pointer dereference vulnerability found in OISM libcoap version 4.3.5. This flaw resides in the src/coap_openssl.c file and can be exploited by remote attackers. By sending a specially crafted DTLS/TLS connection request, an attacker can trigger the BIO_get_data() function to return NULL. This results in a NULL pointer dereference, ultimately leading to a denial-of-service (DoS) condition.

Technical Details

The vulnerability stems from improper handling of the return value of BIO_get_data() within the coap_openssl.c file. The code doesn’t adequately check if BIO_get_data() returns NULL before attempting to dereference the pointer. A malicious actor can leverage this by…
-
Overview

CVE-2025-41017 describes an inadequate access control vulnerability found in Davantis DDFUSION version 6.177.7. This flaw allows unauthorized actors to retrieve perspective parameters from security camera settings. The vulnerability can be exploited by accessing the “/cameras/<CAMERA_ID>/perspective” endpoint without proper authentication or authorization checks.

Technical Details

The core of the vulnerability lies in the lack of proper access controls on the “/cameras/<CAMERA_ID>/perspective” endpoint within the Davantis DDFUSION application. An attacker who can reach this endpoint (which might be possible through network reconnaissance or other vulnerabilities) can retrieve sensitive camera perspective parameters. These parameters are likely used to calibrate the camera’s view…