CVE-2026-23747

MEDIUM EPSS 21.3%
Published Feb 26, 2026 (4mo ago) · Modified Apr 15, 2026 (2mo ago)
6.3 CVSS 4.0
Medium

Description

Golioth Firmware SDK versions from 0.10.0 up to but not including 0.22.0 (fixed in commit 48f521b) contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds the asserts are compiled out, so memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes (int) or 32 bytes (float) can overflow the stack, resulting in a crash/denial of service. This is reachable via LightDB State on_payload with a malicious server or MITM.
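The defect class described above is a length check that exists only inside assert(), which the preprocessor removes whenever NDEBUG is defined for a release build. The following is an added example, not code from the Golioth Firmware SDK, showing the hardened shape of such a helper: the bound is enforced by an ordinary runtime branch that survives release builds, an oversized payload is rejected with an error return instead of being copied, and the copied bytes are NUL-terminated before parsing. Buffer sizes (12 and 32 bytes) mirror the limits named in the description; the function names, the demo wrappers and the sample payloads are assumptions constructed for this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer sizes, chosen to mirror the limits named in the
 * advisory (12 bytes for int, 32 bytes for float). Not the SDK's values. */
#define INT_BUF_LEN   12
#define FLOAT_BUF_LEN 32

/* Hardened int helper: the bound is an ordinary if(), not assert(), so it is
 * still present when NDEBUG is defined. Returns false on any rejection. */
bool payload_as_int32_checked(const uint8_t *payload, size_t payload_size, int32_t *out)
{
    char buf[INT_BUF_LEN];
    /* Leave one byte for the terminating NUL; reject anything larger. */
    if (payload == NULL || out == NULL || payload_size == 0 || payload_size >= sizeof(buf)) {
        return false;
    }
    memcpy(buf, payload, payload_size);
    buf[payload_size] = '\0';

    char *end = NULL;
    errno = 0;
    long v = strtol(buf, &end, 10);
    /* Reject overflow, empty input, trailing garbage and out-of-range values. */
    if (errno != 0 || end == buf || *end != '\0' || v < INT32_MIN || v > INT32_MAX) {
        return false;
    }
    *out = (int32_t)v;
    return true;
}

/* Hardened float helper with the same structure and a 32-byte stack buffer. */
bool payload_as_float_checked(const uint8_t *payload, size_t payload_size, float *out)
{
    char buf[FLOAT_BUF_LEN];
    if (payload == NULL || out == NULL || payload_size == 0 || payload_size >= sizeof(buf)) {
        return false;
    }
    memcpy(buf, payload, payload_size);
    buf[payload_size] = '\0';

    char *end = NULL;
    errno = 0;
    float v = strtof(buf, &end);
    if (errno != 0 || end == buf || *end != '\0') {
        return false;
    }
    *out = v;
    return true;
}

/* Demo wrappers (constructed for this example): feed a C string as the
 * payload and report whether the hardened helper accepted it and what it
 * parsed. A rejected payload yields 0 from the *_accepted wrapper. */
int demo_int_accepted(const char *text)
{
    int32_t v;
    return payload_as_int32_checked((const uint8_t *)text, strlen(text), &v) ? 1 : 0;
}

long demo_int_value(const char *text)
{
    int32_t v;
    return payload_as_int32_checked((const uint8_t *)text, strlen(text), &v) ? (long)v : 0;
}

int demo_float_accepted(const char *text)
{
    float v;
    return payload_as_float_checked((const uint8_t *)text, strlen(text), &v) ? 1 : 0;
}

float demo_float_value(const char *text)
{
    float v;
    return payload_as_float_checked((const uint8_t *)text, strlen(text), &v) ? v : 0.0f;
}

int main(void)
{
    /* Constructed payloads: one that fits and one far larger than the buffer. */
    const char *small = "42";
    const char *oversized = "9999999999999999999999999999999999999999";  /* 40 bytes */
    printf("\"%s\" accepted=%d value=%ld\n", small, demo_int_accepted(small), demo_int_value(small));
    printf("40-byte payload accepted=%d (rejected before memcpy)\n", demo_int_accepted(oversized));
    printf("\"3.5\" accepted=%d value=%g\n", demo_float_accepted("3.5"), demo_float_value("3.5"));
    return 0;
}
```

The point to carry over to any similar helper is that assert() is a debugging aid and not an input validator: a check that must hold for untrusted network data belongs in a branch that the release build keeps, and the caller must be able to observe the rejection.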

CVSS Details

Base Score
6.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
21.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-121

References 5

  • blog.secmate.dev https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/
  • github.com https://github.com/golioth/golioth-firmware-sdk/commit/48f521bcc0187ada2b9cbdad31dc380e6c7b7332
  • github.com https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0
  • secmate.dev https://secmate.dev/disclosures/SECMATE-2025-0015
  • vulncheck.com https://www.vulncheck.com/advisories/golioth-firmware-sdk-payload-utils-stack-based-buffer-overflow

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.