| Name | CVE-2023-30362 |
| Description | Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 1040594 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| libcoap3 (PTS) | bookworm | 4.3.1-1 | vulnerable |
| trixie | 4.3.4-1.1+deb13u1 | fixed |
| forky, sid | 4.3.5-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| libcoap3 | source | (unstable) | 4.3.1-2 | | | 1040594 |
Notes
[bookworm] - libcoap3 <ignored> (Minor issue, no reverse deps in Bookworm)
https://github.com/obgm/libcoap/issues/1063
https://github.com/obgm/libcoap/commit/e242200f0af2a418dc9f69eee543feacc13cd851