What is GHSA-4vrr-6f8v-98rf?

GHSA-4vrr-6f8v-98rf is a security advisory published by GitHub Security Advisories with High severity. libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling...

Which CVE IDs does GHSA-4vrr-6f8v-98rf cover?

GHSA-4vrr-6f8v-98rf covers the following CVE IDs: CVE-2026-29013. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4vrr-6f8v-98rf?

GHSA-4vrr-6f8v-98rf has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-4vrr-6f8v-98rfHighCVSS 9.8

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling...

Vendor

GitHub Security Advisories

Published

April 18, 2026

Last Modified

June 2, 2026

🔗 CVE IDs covered (1)

CVE-2026-29013 →

📋 Description

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-29013
https://github.com/obgm/libcoap/commit/b7847c4dbb0dbee7c90b09a673d4cae256f03718
https://www.vulncheck.com/advisories/libcoap-out-of-bounds-read-in-oscore-cbor-unwrap-handling
https://github.com/advisories/GHSA-4vrr-6f8v-98rf