Login Sign Up

CVE-2023-30362

7.5 HIGH
Buffer Overflow

📋 TL;DR

This CVE describes a buffer overflow vulnerability in the coap_send function of libcoap library versions up to 4.3.1-103-g52cfd56. Attackers can exploit this by sending malformed Protocol Data Units (PDUs) to potentially read sensitive information from memory. Any system using vulnerable versions of libcoap for Constrained Application Protocol (CoAP) communication is affected.

💻 Affected Systems

Products:
  • libcoap library
Versions: Versions up to and including 4.3.1-103-g52cfd56
Operating Systems: All operating systems using libcoap
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using libcoap's coap_send function with untrusted input is vulnerable.

📦 What is this software?

Libcoap by Libcoap

View all CVEs affecting Libcoap →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure leading to exposure of sensitive data like encryption keys, credentials, or other memory contents, potentially enabling further attacks.

🟠

Likely Case

Partial memory disclosure that could reveal application data or system information useful for reconnaissance.

🟢

If Mitigated

No impact if patched or if network controls prevent malicious CoAP traffic.

🌐 Internet-Facing: MEDIUM - Exploitable remotely via CoAP protocol, but requires specific CoAP implementation and malformed PDU knowledge.
🏢 Internal Only: MEDIUM - Same exploit mechanism applies internally, but attack surface may be smaller.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific malformed CoAP PDUs to trigger buffer overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.1-120-ge242200 and later

Vendor Advisory: https://github.com/obgm/libcoap/issues/1063

Restart Required: Yes

Instructions:

1. Update libcoap to version 4.3.1-120-ge242200 or later. 2. Recompile any applications using libcoap. 3. Restart affected services.

🔧 Temporary Workarounds

Network filtering

all

Block or filter CoAP traffic from untrusted sources at network perimeter.

Input validation

all

Implement additional input validation for CoAP PDUs before passing to coap_send.

🧯 If You Can't Patch

  • Isolate vulnerable systems in segmented network zones with strict access controls.
  • Implement network monitoring for anomalous CoAP traffic patterns.

🔍 How to Verify

Check if Vulnerable:

Check libcoap version: if version <= 4.3.1-103-g52cfd56, system is vulnerable.

Check Version:

coap-client --version or check library version in application build configuration

Verify Fix Applied:

Verify libcoap version is >= 4.3.1-120-ge242200 and test CoAP functionality.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or abnormal termination of CoAP services
  • Memory access violation errors in system logs

Network Indicators:

  • Unusual CoAP traffic patterns
  • Malformed CoAP packets in network captures

SIEM Query:

source="coap" AND (event_type="crash" OR error="buffer" OR error="overflow")

📊 Metadata

CVE ID: CVE-2023-30362
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-125
Published: June 23, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-30362, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)