Description

Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_msg_get_payload(resp)` to return a null pointer, which is then dereferenced in a call to `memcpy`.

INFO

Published Date :

2024-10-22T00:00:00.000Z

Last Modified :

2024-10-23T15:50:04.486Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-40493 vulnerability.

Vendors Products
Keith-cullen
  • Freecoap
Keithcullen
  • Freecoap
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-40493.

URL Resource
https://gist.github.com/dqp10515/fe80005e2fb58ed8ada178ac017e4ad4 cve-icon cve-icon
https://github.com/keith-cullen/FreeCoAP/issues/37 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact