QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34468

Published: Dec 31, 2025

Modified: Mar 23, 2026

PUBLISHED

Description

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).

Vendor	Product	Versions
libcoap	libcoap	affected `0 - <= 4.3.5` unaffected `30db3eaa1f0464722ebea2ca2d5084aebfbd344d`

Weaknesses (CWE)

References

https://github.com/obgm/libcoap/pull/1737

issue-tracking

https://github.com/obgm/libcoap/commit/30db3ea

patch

https://libcoap.net/

product

https://www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.