Vulnerability DatabaseCVE-2025-34468

CVE-2025-34468:
Linux Debian vulnerability analysis and mitigation

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

8.2

Score

Published December 31, 2025

Severity HIGH

CNA Score 8.2

Affected Technologies

Linux Debian
Echo

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 55.5

Exploitation Probability (EPSS) 0.3

Affected packages and libraries

libcoap3

Sources

NVD
Debian Security Tracker
- Debian 12, 13 Severity MEDIUMNo FixAdded at: Jan 01, 2026
- Debian 14 Severity CRITICALNo FixAdded at: Jan 01, 2026
Echo
- Echo Severity CRITICALNo FixAdded at: Jan 01, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-22857	MEDIUM	6.8	Linux Debian	freerdp-plugins	No	No	Jan 14, 2026
CVE-2026-22856	MEDIUM	6.8	Linux Debian	freerdp2	No	No	Jan 14, 2026
CVE-2026-22859	MEDIUM	5.6	Linux Debian	freerdp3	No	No	Jan 14, 2026
CVE-2026-22858	MEDIUM	5.6	Linux Debian	freerdp3	No	No	Jan 14, 2026
CVE-2026-22036	LOW	3.7	JavaScript	node-undici	No	Yes	Jan 14, 2026