CVE-2024-40493

Name of the Vulnerable Software and Affected Versions FreeCoAP version 1.0

Description The issue allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet. This packet causes coap msg get payload(resp) to return a null pointer, which is then dereferenced in a call to memcpy. The coap client exchange blockwise2 function is specifically affected.

Recommendations For FreeCoAP version 1.0, as a temporary workaround, consider disabling the coap client exchange blockwise2 function until a patch is available. Restrict access to the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.