CVE-2025-34468

9.8 CRITICAL

📋 TL;DR

A stack-based buffer overflow in libcoap allows remote attackers to crash applications, or potentially execute arbitrary code, when proxy functionality is enabled. All libcoap versions up to and including 4.3.5 are affected. Applications that use libcoap with proxy request handling enabled are exposed.

💻 Affected Systems

Products:
  • libcoap
Versions: All versions up to and including 4.3.5
Operating Systems: All operating systems running vulnerable libcoap
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when proxy request handling is enabled in the application using libcoap.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service through application crashes, with potential for limited code execution depending on memory protections.

🟢

If Mitigated

Application crash without code execution if ASLR, stack canaries, or other memory protections are enabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires proxy functionality to be enabled and attacker-controlled hostname data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libcoap after commit 30db3ea

Vendor Advisory: https://github.com/obgm/libcoap/commit/30db3ea

Restart Required: Yes

Instructions:

1. Update libcoap to a version that includes commit 30db3ea.
2. Rebuild applications that link libcoap.
3. Restart affected services.

🔧 Temporary Workarounds

Disable Proxy Functionality

Disable proxy request handling in applications using libcoap to prevent exploitation.

Configure the application to disable the COAP_PROXY feature.

🧯 If You Can't Patch

  • Disable proxy functionality in all applications using libcoap
  • Implement network segmentation to isolate vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Check the installed libcoap version and whether proxy request handling is enabled in the applications that link it.

Check Version:

ldconfig -p | grep libcoap

Verify Fix Applied:

Verify that the installed libcoap build includes commit 30db3ea, then test that proxy functionality still behaves as expected.
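As an added example (not from this advisory or the libcoap project), the following POSIX shell snippet automates the version check above: it reads the installed version from pkg-config and flags anything in the affected range (4.3.5 and below). It assumes the pkg-config module names libcoap-3 and libcoap-3-<tls> that libcoap installs; because the fix is a commit rather than a release, a build reporting 4.3.5 may already be patched, so a "vulnerable" result means "confirm the build commit".

```shell
#!/bin/sh
# Added example, not part of the advisory: flag a libcoap install whose
# reported version is <= 4.3.5 (the range CVE-2025-34468 covers).
# Assumption: pkg-config module names libcoap-3 / libcoap-3-<tls backend>.

LAST_VULNERABLE=4.3.5

# version_le A B: return 0 if A <= B, comparing dotted numeric components.
# Non-numeric suffixes (e.g. "5rc1") are ignored; missing components read as 0.
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        [ "$ah" = "$a" ] && a='' || a=${a#*.}
        [ "$bh" = "$b" ] && b='' || b=${b#*.}
        ah=${ah%%[!0-9]*}; bh=${bh%%[!0-9]*}
        ah=${ah:-0}; bh=${bh:-0}
        [ "$ah" -lt "$bh" ] && return 0
        [ "$ah" -gt "$bh" ] && return 1
    done
    return 0
}

# libcoap_vulnerable VERSION: 0 if VERSION falls in the affected range.
libcoap_vulnerable() {
    version_le "$1" "$LAST_VULNERABLE"
}

# installed_libcoap_version: print the version of the first libcoap-3
# pkg-config module found; return 1 if none is installed.
installed_libcoap_version() {
    for mod in libcoap-3 libcoap-3-openssl libcoap-3-gnutls \
               libcoap-3-mbedtls libcoap-3-tinydtls libcoap-3-notls; do
        if v=$(pkg-config --modversion "$mod" 2>/dev/null); then
            printf '%s\n' "$v"; return 0
        fi
    done
    return 1
}

# check_host: 0 = outside range, 1 = in affected range, 2 = not found.
check_host() {
    v=$(installed_libcoap_version) || {
        echo "libcoap: no pkg-config module found; try: ldconfig -p | grep libcoap"
        return 2
    }
    if libcoap_vulnerable "$v"; then
        echo "libcoap $v: affected range (<= $LAST_VULNERABLE); confirm commit 30db3ea is in the build and proxy handling is disabled"
        return 1
    fi
    echo "libcoap $v: outside affected range"
}

if [ "${CHECK_LIBCOAP_NOW:-0}" = 1 ]; then check_host; fi
```

Run with `CHECK_LIBCOAP_NOW=1 sh check_libcoap.sh` on each host; a version above 4.3.5 is outside the advisory's stated range, while 4.3.5 or lower still needs the build commit confirmed.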

📡 Detection & Monitoring

Log Indicators:

  • Application crashes, segmentation faults, abnormal termination of libcoap processes

Network Indicators:

  • Unusual CoAP traffic to proxy-enabled endpoints, malformed hostname data in requests

SIEM Query:

process:terminated AND (libcoap OR coap) AND (segfault OR crash)
