Key Information

Vulnerability Overview
CVE ID: CVE-2025-50518
Vulnerability Type: Use-after-free (UAF)
Affected Product: libcoap
Affected Version: 4.3.5
Affected Components: coap_pdu.c, coap_delete_pdu_lkid, coap_delete_pdu, coap_send_hdr, coap_send
Attack Type: Local
Impact on Code Execution: true
Impact on Information Disclosure: true

Vulnerability Details
Description: A use-after-free vulnerability exists in the function of the libcoap library. The issue arises from improper handling of memory after a PDU object has been freed, which can lead to memory corruption or arbitrary code execution.
Discovery Method: Discovered during fuzz testing with libFuzzer.

Code Analysis
Relevant Code File: coap_pdu.c
Critical Function:
Root Cause:
- When , only the pointer is checked for NULL; whether the memory it points to is still valid is not verified.
- Multiple parts of the program hold the same pointer. When one holder calls and the reference count drops to 0, the memory is freed.
- The other holders still hold the same (non-NULL) pointer value, but the memory behind it has already been deallocated.
- Subsequent calls to pass the NULL check and access the already-freed memory, triggering the use-after-free condition.

Key Points
Dangling Pointer: A pointer that still references memory that has been freed is called a dangling pointer.
Behavior: Accessing freed memory is undefined behavior, which is the essence of a UAF vulnerability.

References
GitHub Link
Discoverer: Xu Yaqiao, Security Researcher
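The root cause above (a shared pointer whose memory is released when one holder drops the last reference, while a NULL check on the other holders still passes) is illustrated by the following added C example; it is not libcoap code, and demo_pdu_t, demo_pdu_new, demo_pdu_reference, demo_pdu_release and demo_pdu_is_live are hypothetical stand-ins. Instead of really calling free() when the count reaches zero, it marks the object dead so the dangling access can be detected and asserted on rather than executed as undefined behavior; it contrasts the vulnerable sharing pattern with the defensive one (each holder takes its own reference and clears its pointer after releasing it).

```c
#include <stdlib.h>

/* Hypothetical minimal refcounted PDU; stands in for a real PDU object. */
typedef struct {
    int ref;    /* reference count */
    int dead;   /* constructed marker: set when the last reference is dropped */
} demo_pdu_t;

static demo_pdu_t *demo_pdu_new(void) {
    demo_pdu_t *p = calloc(1, sizeof *p);
    if (p) p->ref = 1;
    return p;
}
/* A holder that wants to keep the object must take its own reference. */
static demo_pdu_t *demo_pdu_reference(demo_pdu_t *p) { if (p) p->ref++; return p; }
/* Drop one reference. Real code would free() at zero; here the block is only
 * flagged dead so that a later access can be checked instead of crashing. */
static void demo_pdu_release(demo_pdu_t *p) { if (p && --p->ref == 0) p->dead = 1; }
/* The check a NULL test cannot perform: is the pointed-to object still valid? */
static int demo_pdu_is_live(const demo_pdu_t *p) { return p != NULL && !p->dead; }

/* Vulnerable pattern: two holders share one pointer but only one reference.
 * Returns 1 when holder_b passes a NULL check yet points at a dead object. */
int vulnerable_pattern(void) {
    demo_pdu_t *holder_a = demo_pdu_new();
    demo_pdu_t *holder_b = holder_a;       /* same pointer, no extra reference */
    demo_pdu_release(holder_a);            /* count hits 0: object is gone */
    int null_check_passes = (holder_b != NULL);
    int dangling = null_check_passes && !demo_pdu_is_live(holder_b);
    free(holder_b);                        /* reclaim the demo block */
    return dangling;
}

/* Hardened pattern: every holder owns a reference and nulls its pointer on
 * release. Returns 1 when holder_b stayed valid and both pointers end up NULL. */
int hardened_pattern(void) {
    demo_pdu_t *holder_a = demo_pdu_new();
    demo_pdu_t *holder_b = demo_pdu_reference(holder_a);
    demo_pdu_t *block = holder_a;          /* kept only to reclaim the demo block */
    demo_pdu_release(holder_a);
    holder_a = NULL;                       /* A is done: clear, do not keep a copy */
    int b_still_live = demo_pdu_is_live(holder_b);  /* B's reference keeps it alive */
    demo_pdu_release(holder_b);            /* last reference: object is gone */
    holder_b = NULL;                       /* a NULL check now catches any reuse */
    int ok = b_still_live && holder_a == NULL && holder_b == NULL && block->dead;
    free(block);
    return ok;
}
```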