From: Gyorgy Sarvari <[email protected]> Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518
The vulnerability is disputed by upstream, because the vulnerability requires a user error, incorrect library usage. See also an upstream discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726 Signed-off-by: Gyorgy Sarvari <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 598176e1cb6c928e322e26d358e8d01ba9d5af0a) Signed-off-by: Ankur Tyagi <[email protected]> --- meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb index 65bf455d9b..4f5a986858 100644 --- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb +++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb @@ -62,3 +62,5 @@ PACKAGE_BEFORE_PN += "\ FILES:${PN}-bin = "${bindir}" FILES:${PN}-dev += "${datadir}/${BPN}/examples" + +CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122848): https://lists.openembedded.org/g/openembedded-devel/message/122848 Mute This Topic: https://lists.openembedded.org/mt/116926581/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
