2459331 – (CVE-2026-29013) CVE-2026-29013 libcoap: libcoap: Memory corruption and denial of service via crafted CoAP requests

Bug 2459331 (CVE-2026-29013) - CVE-2026-29013 libcoap: libcoap: Memory corruption and denial of service via crafted CoAP requests

Summary: CVE-2026-29013 libcoap: libcoap: Memory corruption and denial of service via ...

Keywords:
Status:	NEW
Alias:	CVE-2026-29013
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2459687
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-17 22:01 UTC by OSIDB Bzimport
Modified:	2026-04-20 10:46 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-17 22:01:28 UTC

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation.

Note You need to log in before you can comment on or make changes to this bug.