CRITICAL🇵🇱 Wersja polska

CVE-2024-40494

CVSS 9.8v3.1pub. 2024-10-22upd. 2025-06-24

Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet.

🤖 AI Analysis
How it works

An attacker sends a crafted CoAP packet that causes a stack buffer overflow in the message processing function in the coap_msg.c file. The vulnerability results from insufficient validation of input data length before copying it to a fixed-size buffer (CWE-120). The exploit can be executed remotely, without authentication, and without user interaction.

Impact

An attacker can remotely execute arbitrary code on the vulnerable system (RCE) or cause its failure and denial of service (DoS). In the event of successful code execution, it is possible to take full control of the device or service using FreeCoAP.

Mitigation & patch

Apply patches available from the vendor according to the references. Until the patch is applied, it is recommended to restrict network access to services using FreeCoAP using firewall or network segmentation.

Who is affected

Keith-Cullen FreeCoAP — versions indicated in the vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Keith Cullen Freecoap

    APP
    Keith-Cullen
    0.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDoSMemory
CWE
References

Related vulnerabilities

CVE-2024-40493CRITICAL9.8PL ✓ten sam produkt

Null Pointer Dereference w FreeCoAP — RCE i DoS przez spreparowany pakiet CoAP

CVE-2024-31030CRITICAL9.1PL ✓ten sam produkt

Błąd NULL pointer dereference w FreeCoAP — DoS i ujawnienie informacji

CVE-2024-31029HIGH8.2ten sam produkt

An issue in the server_handle_regular function of the test_coap_server.c file within the FreeCoAP project allo...