CVE-2024-46304 is a vulnerability identified in the libcoap library, specifically versions 4.3.5-rc2 and earlier. The root cause is a NULL pointer dereference within the function coap_handle_request_put_block located in src/coap_block.c. This function handles block-wise PUT requests in the CoAP protocol, which is widely used in constrained devices and IoT environments for lightweight communication. When a remote attacker sends a specially crafted CoAP PUT block request, the function fails to properly validate or handle certain input conditions, leading to dereferencing a NULL pointer. This results in a crash of the libcoap process, causing a denial of service (DoS) by making the affected service unavailable. The vulnerability does not require any privileges or user interaction, making it remotely exploitable over the network. The CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates that the attack vector is network-based, with low attack complexity, no privileges or user interaction needed, and the impact is limited to availability. The vulnerability is categorized under CWE-120 (Classic Buffer Overflow), which aligns with improper memory handling leading to crashes. Although no public exploits have been reported yet, the simplicity of triggering a NULL pointer dereference remotely suggests that exploitation could be straightforward once a proof-of-concept is developed. Libcoap is commonly embedded in IoT devices, constrained networks, and some industrial control systems, making this vulnerability relevant for those sectors. No official patches or fixes are linked yet, so users should monitor vendor advisories closely.

The primary impact of CVE-2024-46304 is a denial of service condition caused by crashing the libcoap process handling CoAP requests. This can disrupt communication in IoT devices, embedded systems, and industrial control systems that rely on libcoap for CoAP protocol implementation. The loss of availability can lead to operational downtime, loss of telemetry data, interruption of automated control processes, and potential cascading failures in dependent systems. Since the vulnerability is remotely exploitable without authentication, attackers can target exposed CoAP endpoints to cause widespread service outages. This is particularly critical in environments where CoAP is used for critical infrastructure monitoring, smart city applications, or medical devices. Although confidentiality and integrity are not directly impacted, the availability disruption can have severe consequences in time-sensitive or safety-critical deployments. The lack of known exploits currently reduces immediate risk, but the vulnerability’s characteristics make it a likely candidate for future exploitation attempts. Organizations with large IoT deployments or industrial networks using libcoap should consider this a high-priority threat.

To mitigate CVE-2024-46304, organizations should first identify all systems and devices using libcoap versions 4.3.5-rc2 or earlier. Since no official patches are currently linked, users should monitor libcoap project repositories and vendor advisories for updates or security patches addressing this issue. In the interim, network-level mitigations can reduce exposure: restrict access to CoAP services using firewalls or network segmentation to limit exposure to untrusted networks. Implement rate limiting and anomaly detection on CoAP traffic to detect and block malformed or suspicious PUT block requests. For embedded devices, consider disabling or restricting block-wise transfer features if not required. Conduct thorough testing of firmware or software updates incorporating newer libcoap versions once available. Additionally, maintain comprehensive logging and monitoring of CoAP traffic to detect potential exploitation attempts early. Organizations should also evaluate fallback or redundancy mechanisms to maintain service continuity in case of DoS events. Finally, engage with device manufacturers and vendors to ensure timely updates and coordinated vulnerability response.