[Git][security-tracker-team/security-tracker][master] Add new libcoap issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 24 20:26:13 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe47e571 by Salvatore Bonaccorso at 2025-11-24T21:25:42+01:00
Add new libcoap issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,23 +5,50 @@ CVE-2025-65503 (Use after free in endpoint destructors in Redboltz async_mqtt 10
CVE-2025-65502 (Null pointer dereference in add_ca_certs() in Cesanta Mongoose before ...)
TODO: check
CVE-2025-65501 (Null pointer dereference in coap_dtls_info_callback() in OISM libcoap ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1748
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65500 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1746
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65499 (Array index error in tls_verify_call_back() in src/coap_openssl.c in O ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1747
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65498 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1746
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65497 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1745
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65496 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1745
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65495 (Integer signedness error in tls_verify_call_back() in src/coap_openssl ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1744
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65494 (NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_open ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1745
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65493 (NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 a ...)
- TODO: check
+ - libcoap3 <unfixed>
+ - libcoap2 <removed>
+ NOTE: https://github.com/obgm/libcoap/issues/1743
+ NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-64048 (YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability i ...)
TODO: check
CVE-2025-64047 (OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) i ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe47e5717b4627771081ca38bce167f8e40ac873
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe47e5717b4627771081ca38bce167f8e40ac873
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251124/2305aad0/attachment.htm>
More information about the debian-security-tracker-commits
mailing list