| Message ID | 20251216111436.1553787-1-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-networking] libcoap: ignore CVE-2025-50518 | expand |
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb index 55c5ed8775..1a8d7ed725 100644 --- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb +++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb @@ -60,3 +60,5 @@ PACKAGE_BEFORE_PN += "\ FILES:${PN}-bin = "${bindir}" FILES:${PN}-dev += "${datadir}/${BPN}/examples" + +CVE_STATUS[CVE-2025-50518] = "disputed: happens only when library is used incorrectly"
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518 The vulnerability is disputed by upstream, because the vulnerability requires a user error, incorrect library usage. See also an upstream discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb | 2 ++ 1 file changed, 2 insertions(+)