CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23748

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payloadsize value less than 2 can cause a sizet underflow when computing the number of bytes to copy nbytes. The...

CVE-2026-23747

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

EUVD-2026-8867

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payloadsize value less than 2 can cause a sizet underflow when computing the number of bytes to copy nbytes. The...

EUVD-2026-8869

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

EUVD-2026-8870

Golioth Pouch version 0.1.0 prior to INSERT FIXED VERSION, fixed in commit 1b2219a1, contain a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent...

EUVD-2026-8868

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

CVE-2026-23747

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

CVE-2026-23748

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payloadsize value less than 2 can cause a sizet underflow when computing the number of bytes to copy nbytes. The...

CVE-2026-23750

Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent fragments using memcpy witho...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23748

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payloadsize value less than 2 can cause a sizet underflow when computing the number of bytes to copy nbytes. The...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23747

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The goliothpayloadasint and goliothpayloadasfloat helpers copy network-supplied payload data into fixed-size stack buffers using memcpy with a length derived from...

CVE-2026-23750

Golioth Pouch 0.1.0 (prior to the fixed version) is affected by a heap-based buffer overflow in the BLE GATT server certificate handling. In server_cert_write(), a heap buffer of CONFIG_POUCH_SERVER_CERT_MAX_LEN is allocated for the first fragment, and subsequent fragments are appended via memcpy...

CVE-2026-23750 Golioth Pouch (prior to commit 1b2219a1) BLE GATT Heap-based Buffer Overflow

Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent fragments using memcpy witho...

CVE-2026-23750 Golioth Pouch (prior to commit 1b2219a1) BLE GATT Heap-based Buffer Overflow

Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. servercertwrite allocates a heap buffer of size CONFIGPOUCHSERVERCERTMAXLEN when receiving the first fragment, then appends subsequent fragments using memcpy witho...

CVE-2026-23749 Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23749

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwisetransferinit accepts a path whose length equals CONFIGGOLIOTHCOAPMAXPATHLEN and copies it using strncpy without...

CVE-2026-23749

CVE-2026-23749 - Golioth Firmware SDK : The vulnerability affects Golioth Firmware SDK versions 0.19.1 prior to 0.22.0. The root cause is an out-of-bounds read caused by improper null termination when copying the blockwise transfer path in blockwise_transfer_init(). If the input path length equal...