From: Ankur Tyagi <[email protected]> Details https://nvd.nist.gov/vuln/detail/CVE-2023-51847
The vulnerability exists in coap_threadsafe.c but thread safe support was added in version v4.5.3 [1] [1] https://github.com/obgm/libcoap/commit/c69c5d5af0a30859e90756f535e2ca21cdeda0b2 $ git tag --contains c69c5d5 v4.3.5 v4.3.5-rc1 v4.3.5-rc2 v4.3.5-rc3 v4.3.5a Signed-off-by: Ankur Tyagi <[email protected]> --- meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb index 4f5a986858..9c45cd248e 100644 --- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb +++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb @@ -64,3 +64,4 @@ FILES:${PN}-bin = "${bindir}" FILES:${PN}-dev += "${datadir}/${BPN}/examples" CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly" +CVE_STATUS[CVE-2023-51847] = "not-applicable-config: Doesn't apply to our configuration so we can safely ignore it."
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122849): https://lists.openembedded.org/g/openembedded-devel/message/122849 Mute This Topic: https://lists.openembedded.org/mt/116926582/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
