CVE-2026-58465
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Description
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers. Attackers can target the registration endpoint over UDP without authentication, causing the server to repeatedly reallocate a growing accumulation buffer by appending each block payload without enforcing any maximum total size limit, resulting in denial of service through memory exhaustion.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-770
Source
NVD
Vendor
eclipse-wakaama
Product
wakaama
External References
- https://github.com/eclipse-wakaama/wakaama/commit/a83f1ca28fa090fbc03c3669fef40daf4f89cd03
- https://github.com/eclipse-wakaama/wakaama/pull/881
- https://github.com/eclipse-wakaama/wakaama/releases/tag/snapshots%2F2026-05-26
- https://www.vulncheck.com/advisories/eclipse-wakaama-coap-block1-handler-unbounded-memory-allocation-dos
Discussion (0)
Add Comment
No comments yet. Be the first!