CVE-2024-46304

NameCVE-2024-46304
DescriptionA NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1084981

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libcoap2 (PTS)bullseye4.2.1-1vulnerable
libcoap3 (PTS)bookworm4.3.1-1vulnerable
trixie, sid4.3.4-1.1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libcoapsource(unstable)(unfixed)
libcoap2source(unstable)(unfixed)
libcoap3source(unstable)(unfixed)1084981

Notes

[bookworm] - libcoap3 <ignored> (Minor issue, no reverse deps in Bookworm)
[bullseye] - libcoap2 <postponed> (Minor issue; can be fixed in next update)
https://github.com/obgm/libcoap/issues/1509

Search for package or bug name: Reporting problems