CVE-2025-65496

Name of the Vulnerable Software and Affected Versions libcoap version 4.3.5

Description A flaw exists in the processing of DTLS handshakes due to a NULL pointer dereference within the coap dtls generate cookie() function, located in src/coap openssl.c. This issue arises when SSL get SSL CTX() returns NULL during a crafted DTLS handshake. Successful exploitation can lead to a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.