CVE-2025-65495

Name of the Vulnerable Software and Affected Versions OISM libcoap version 4.3.5

Description An integer signedness error exists in the tls verify call back() function located in src/coap openssl.c. This flaw allows remote attackers to potentially cause a denial of service by providing a specially crafted TLS certificate. The issue arises because the i2d X509() function can return -1, and this value is then incorrectly used as a parameter for malloc(), leading to a crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.