CVE-2026-58465
CVSS v4.0 severity:
HIGH
Type:
Not available / Other type
Publication date:
02/07/2026
Last modified:
02/07/2026
Description
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers. Attackers can target the registration endpoint over UDP without authentication, causing the server to repeatedly reallocate a growing accumulation buffer by appending each block payload without enforcing any maximum total size limit, resulting in denial of service through memory exhaustion.
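The missing control is a cap on the total size of a reassembled Block1 transfer. The following C sketch is an added example, not Wakaama's code or the upstream fix: the names `block1_acc_t`, `block1_append`, `block1_simulate` and the 4096-byte limit are assumptions chosen for illustration. It rejects a transfer with 4.13 (Request Entity Too Large) before the buffer grows past the limit.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK1_MAX_TOTAL 4096u /* assumed per-transfer limit, set by policy */
/* CoAP response codes written as class*100 + detail (2.31, 2.04, 4.08, 4.13, 5.00) */
enum { B1_CONTINUE = 231, B1_DONE = 204, B1_INCOMPLETE = 408, B1_TOO_LARGE = 413, B1_ERROR = 500 };

typedef struct {
    uint8_t *buf;      /* accumulated request body */
    size_t   len;      /* bytes accumulated so far, never above BLOCK1_MAX_TOTAL */
    uint32_t next_num; /* block number expected next */
} block1_acc_t;

static void block1_reset(block1_acc_t *a) {
    free(a->buf);
    a->buf = NULL; a->len = 0; a->next_num = 0;
}

/* Append one Block1 payload to the accumulator and return the response code. */
int block1_append(block1_acc_t *a, uint32_t num, int more,
                  const uint8_t *payload, size_t plen) {
    if (num == 0) block1_reset(a);            /* block 0 restarts the transfer */
    if (num != a->next_num) { block1_reset(a); return B1_INCOMPLETE; }
    /* Check the cap before growing; the subtraction form cannot overflow size_t. */
    if (plen > BLOCK1_MAX_TOTAL - a->len) { block1_reset(a); return B1_TOO_LARGE; }
    if (plen > 0) {
        uint8_t *p = realloc(a->buf, a->len + plen);
        if (p == NULL) { block1_reset(a); return B1_ERROR; }
        memcpy(p + a->len, payload, plen);
        a->buf = p;
        a->len += plen;
    }
    a->next_num = num + 1;
    return more ? B1_CONTINUE : B1_DONE;
}

/* Constructed traffic: 'count' blocks of 'bsize' zero bytes; returns the last code. */
int block1_simulate(block1_acc_t *a, uint32_t count, size_t bsize) {
    uint8_t block[1024] = {0};
    int rc = B1_ERROR;
    if (bsize > sizeof block) return B1_ERROR;
    for (uint32_t n = 0; n < count; n++) {
        rc = block1_append(a, n, n + 1 < count, block, bsize);
        if (rc != B1_CONTINUE) break;         /* stop on completion or rejection */
    }
    return rc;
}
int main(void) { block1_acc_t a = {0}; return block1_simulate(&a, 1000, 1024) != B1_TOO_LARGE; }
```

In a real server the accumulator is kept per peer, so a per-transfer cap should be paired with a limit on concurrent transfers and a timeout that frees abandoned ones.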
Impact
Base score 4.0
8.70
Severity 4.0
HIGH
Base score 3.x
7.50
Severity 3.x
HIGH
References to solutions, tools and information
- https://github.com/eclipse-wakaama/wakaama/commit/a83f1ca28fa090fbc03c3669fef40daf4f89cd03
- https://github.com/eclipse-wakaama/wakaama/pull/881
- https://github.com/eclipse-wakaama/wakaama/releases/tag/snapshots%2F2026-05-26
- https://www.vulncheck.com/advisories/eclipse-wakaama-coap-block1-handler-unbounded-memory-allocation-dos



