OSV-2026-589

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libcoap/OSV-2026-589.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-589
Published
2026-04-19T00:09:04.852781Z
Modified
2026-04-19T00:09:04.853106Z
Summary
Heap-double-free in coap_new_oscore_conf
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=503812134

Crash type: Heap-double-free
Crash state:
coap_new_oscore_conf
oscore_conf_parse_target.c
coap_new_oscore_conf
References

Affected packages

OSS-Fuzz / libcoap

Package

Name
libcoap
Purl
pkg:generic/libcoap

Affected ranges

Type
GIT
Repo
https://github.com/obgm/libcoap.git
Events
Introduced
77929465d3fd497574adf5941f5558e8c2eb7a06
Fixed
e4297c9c890ddb2480bf598b4207169c0271ae30
Fixed
783b5317caf30397df392228d67969af579fa03b

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libcoap/OSV-2026-589.yaml"
fixed_range 
"3f4d08f964248363bbf192a7af1e59303429e561:783b5317caf30397df392228d67969af579fa03b"
introduced_range 
"e766f053c2cf90aaf181f0f458e77905d462413c:24d146d55327507b2107941a134795c9a7be13ef"