libcoap-devel-4.3.5a-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15780-1 Final 1 1 2025-11-28T00:00:00Z current 2025-11-28T00:00:00Z 2025-11-28T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libcoap-devel-4.3.5a-1.1 on GA media These are all security issues fixed in the libcoap-devel-4.3.5a-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15780 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-65493/ SUSE CVE CVE-2025-65493 page https://www.suse.com/security/cve/CVE-2025-65494/ SUSE CVE CVE-2025-65494 page https://www.suse.com/security/cve/CVE-2025-65495/ SUSE CVE CVE-2025-65495 page https://www.suse.com/security/cve/CVE-2025-65496/ SUSE CVE CVE-2025-65496 page https://www.suse.com/security/cve/CVE-2025-65497/ SUSE CVE CVE-2025-65497 page https://www.suse.com/security/cve/CVE-2025-65498/ SUSE CVE CVE-2025-65498 page https://www.suse.com/security/cve/CVE-2025-65499/ SUSE CVE CVE-2025-65499 page https://www.suse.com/security/cve/CVE-2025-65500/ SUSE CVE CVE-2025-65500 page https://www.suse.com/security/cve/CVE-2025-65501/ SUSE CVE CVE-2025-65501 page openSUSE Tumbleweed libcoap-devel-4.3.5a-1.1 libcoap-utils-4.3.5a-1.1 libcoap3-3-4.3.5a-1.1 libcoap-devel-4.3.5a-1.1 as a component of openSUSE Tumbleweed libcoap-utils-4.3.5a-1.1 as a component of openSUSE Tumbleweed libcoap3-3-4.3.5a-1.1 as a component of openSUSE Tumbleweed NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL. CVE-2025-65493 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65493.html CVE-2025-65493 https://bugzilla.suse.com/1254187 SUSE Bug 1254187 NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL. CVE-2025-65494 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65494.html CVE-2025-65494 https://bugzilla.suse.com/1254188 SUSE Bug 1254188 Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter. CVE-2025-65495 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65495.html CVE-2025-65495 https://bugzilla.suse.com/1254191 SUSE Bug 1254191 NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. CVE-2025-65496 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65496.html CVE-2025-65496 https://bugzilla.suse.com/1254189 SUSE Bug 1254189 NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. CVE-2025-65497 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65497.html CVE-2025-65497 https://bugzilla.suse.com/1254190 SUSE Bug 1254190 NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. CVE-2025-65498 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65498.html CVE-2025-65498 https://bugzilla.suse.com/1254186 SUSE Bug 1254186 Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1. CVE-2025-65499 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65499.html CVE-2025-65499 https://bugzilla.suse.com/1254194 SUSE Bug 1254194 NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL. CVE-2025-65500 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65500.html CVE-2025-65500 https://bugzilla.suse.com/1254192 SUSE Bug 1254192 Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL. CVE-2025-65501 openSUSE Tumbleweed:libcoap-devel-4.3.5a-1.1 openSUSE Tumbleweed:libcoap-utils-4.3.5a-1.1 openSUSE Tumbleweed:libcoap3-3-4.3.5a-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-65501.html CVE-2025-65501 https://bugzilla.suse.com/1254193 SUSE Bug 1254193