CVE-2026-23749

LOW EPSS 6.1%
Published Feb 26, 20264mo ago · Modified Apr 15, 20262mo ago
2.1 CVSS 4.0
Low
Find Similar
Published Feb 26, 2026 4mo ago
Last Modified Apr 15, 2026 2mo ago

Description

Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default).

CVSS Details

Base Score
2.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
6.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-170

References 5

  • blog.secmate.dev https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/
  • github.com https://github.com/golioth/golioth-firmware-sdk/commit/0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d
  • github.com https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0
  • secmate.dev https://secmate.dev/disclosures/SECMATE-2025-0017
  • vulncheck.com https://www.vulncheck.com/advisories/golioth-firmware-sdk-blockwise-transfer-path-out-of-bounds-read

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.