CVE-2025-65497

MEDIUM4.3EPSS 0.14%

Published: 11/24/2025Modified: 4/28/2026

Description

NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.

Affected packages (2)

Debian/libcoap2from 0
Debian/libcoap3from 0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-65497