CVE-2026-23750

Golioth Pouch 0.1.0 (prior to the fixed version) is affected by a heap-based buffer overflow in the BLE GATT server certificate handling. In server_cert_write(), a heap buffer of CONFIG_POUCH_SERVER_CERT_MAX_LEN is allocated for the first fragment, and subsequent fragments are appended via memcpy...

PT-2026-22169

Name of the Vulnerable Software and Affected Versions Golioth Pouch versions prior to commit 1b2219a1 Description The software contains a heap-based buffer overflow in BLE GATT server certificate handling. The server cert write function allocates a heap buffer of size CONFIG POUCH SERVER CERT MAX...

CVE-2024-2104

Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich could render the device unusable...

CVE-2018-9414

In gattServerSendResponseNative of comandroidbluetoothgatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

PT-2024-10678 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a possible out of bounds stack write in the gattServerSendResponseNative function of com android bluetooth gatt.cpp due to a missing bounds check. This could lead to...

CVE-2024-1638

The documentation specifies that the BTGATTPERMREADLESC and BTGATTPERMWRITELESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when i...