CVE-2025-65494

Name of the Vulnerable Software and Affected Versions libcoap version 4.3.5

Description A flaw exists in libcoap that could allow for a denial of service. This issue is due to a NULL pointer dereference in the get san or cn from cert() function located in src/coap openssl.c. The issue occurs when processing a crafted X.509 certificate, specifically when the sk GENERAL NAME value() function returns NULL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.