Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-5w1d-wgvr-r7bg |
|---|
| Summary | Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter. |
|---|
| Aliases |
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
| 0 |
| url |
pkg:deb/debian/libcoap3@4.3.1-1 |
| purl |
pkg:deb/debian/libcoap3@4.3.1-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-5tgh-x6d9-mbgb |
|
| 1 |
| vulnerability |
VCID-5w1d-wgvr-r7bg |
|
| 2 |
| vulnerability |
VCID-7djz-xrep-k7ef |
|
| 3 |
| vulnerability |
VCID-b2uf-h5my-6bck |
|
| 4 |
| vulnerability |
VCID-b315-43mj-fqb3 |
|
| 5 |
| vulnerability |
VCID-c8vb-bh6q-q7hb |
|
| 6 |
| vulnerability |
VCID-fhgk-zn6u-9fbn |
|
| 7 |
| vulnerability |
VCID-mv5x-1zqs-jug2 |
|
| 8 |
| vulnerability |
VCID-nxvj-r8hb-rqg9 |
|
| 9 |
| vulnerability |
VCID-r6an-ggdy-sfav |
|
| 10 |
| vulnerability |
VCID-rx5d-fpth-4ucf |
|
| 11 |
| vulnerability |
VCID-s4uj-j29w-bfba |
|
| 12 |
| vulnerability |
VCID-ukp6-3xj7-ubf5 |
|
| 13 |
| vulnerability |
VCID-v8k5-h7yw-tkh6 |
|
| 14 |
| vulnerability |
VCID-wrqe-w5pf-w7dq |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcoap3@4.3.1-1 |
|
| 1 |
|
|
|---|
| References |
|
|---|
| Weaknesses |
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 7.5 - 7.5 |
|---|
| Exploitability | 0.5 |
|---|
| Weighted_severity | 6.8 |
|---|
| Risk_score | 3.4 |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-5w1d-wgvr-r7bg |
|---|