PT-2026-22166 · Unknown · Golioth Firmware Sdk
Secmate · Published 2026-02-26 · Updated 2026-02-26 · CVE-2026-23747
CVSS v4.0: 6.3 (Medium)
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Golioth Firmware SDK versions 0.10.0 through 0.21.9
Description
The Golioth Firmware SDK contains a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers use memcpy() to copy network-supplied payload data into fixed-size stack buffers, with the copy length taken directly from the payload size. The assertions intended to limit that length are compiled out in release builds, so memcpy() copies an attacker-controlled number of bytes. Payloads exceeding 12 bytes (for integers) or 32 bytes (for floats) overflow the buffer and crash the device, resulting in denial of service. The issue is reachable through LightDB State payloads delivered by a malicious server or a man-in-the-middle (MITM) attacker.
Recommendations
Update to Golioth Firmware SDK version 0.22.0 or later.
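The copy pattern described above, beside the bounds-checked form a fix has to provide, as an added C example. This is not the SDK's code or the 0.22.0 patch: the function bodies, buffer declarations and the helper names copy_bounded, int_payload_value and float_payload_or are assumptions reconstructed from the description, and the payloads are constructed for the demo.

```c
#include <assert.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer sizes from the advisory: 12 bytes for integers, 32 for floats. */
#define INT_BUF_LEN   12u
#define FLOAT_BUF_LEN 32u

/* Reconstruction of the pattern the advisory describes (hypothetical, not the
 * SDK's code). The copy length is the payload length as received from the
 * network; the only guard is an assert(), which -DNDEBUG compiles out, leaving
 * memcpy() with an attacker-chosen length into a 12-byte stack buffer.
 * Calling it with payload_size >= INT_BUF_LEN is the overflow itself. */
static int32_t payload_as_int_vulnerable(const uint8_t *payload, size_t payload_size)
{
    char buf[INT_BUF_LEN];
    assert(payload_size < sizeof(buf)); /* absent in release builds */
    memcpy(buf, payload, payload_size); /* overflows when payload_size >= 12 */
    buf[payload_size] = '\0';
    return (int32_t)strtol(buf, NULL, 10);
}

/* Hardened copy shared by both helpers: a runtime bounds check that survives
 * release builds. Copies nothing unless the payload and its NUL both fit. */
static bool copy_bounded(char *buf, size_t buf_len, const uint8_t *payload, size_t payload_size)
{
    if (payload == NULL || payload_size == 0 || payload_size >= buf_len) {
        return false;
    }
    memcpy(buf, payload, payload_size);
    buf[payload_size] = '\0';
    return true;
}

/* Hardened integer helper: bounded copy plus strict parsing, so oversized,
 * non-numeric or out-of-range payloads are reported instead of crashing. */
static bool payload_as_int_checked(const uint8_t *payload, size_t payload_size, int32_t *out)
{
    char buf[INT_BUF_LEN];
    char *end = NULL;
    if (!copy_bounded(buf, sizeof(buf), payload, payload_size)) {
        return false;
    }
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || errno == ERANGE || v < INT32_MIN || v > INT32_MAX) {
        return false;
    }
    *out = (int32_t)v;
    return true;
}

/* Hardened float helper with the same shape and the 32-byte buffer. */
static bool payload_as_float_checked(const uint8_t *payload, size_t payload_size, float *out)
{
    char buf[FLOAT_BUF_LEN];
    char *end = NULL;
    if (!copy_bounded(buf, sizeof(buf), payload, payload_size)) {
        return false;
    }
    errno = 0;
    float v = strtof(buf, &end);
    if (end == buf || *end != '\0' || errno == ERANGE) {
        return false;
    }
    *out = v;
    return true;
}

/* Demo wrappers: treat a C string as a payload of strlen() bytes. The int wrapper
 * returns LLONG_MIN (never a valid int32) and the float wrapper returns the
 * caller's fallback when the payload is rejected. */
static long long int_payload_value(const char *s)
{
    int32_t v = 0;
    return payload_as_int_checked((const uint8_t *)s, strlen(s), &v) ? (long long)v : LLONG_MIN;
}

static double float_payload_or(const char *s, double fallback)
{
    float v = 0.0f;
    return payload_as_float_checked((const uint8_t *)s, strlen(s), &v) ? (double)v : fallback;
}

int main(void)
{
    /* Constructed payloads standing in for LightDB State data from a MITM. */
    const char *benign = "42";
    const char *oversized = "1234567890123"; /* 13 bytes: would overflow the 12-byte buffer */
    printf("vulnerable helper, benign payload: %ld\n",
           (long)payload_as_int_vulnerable((const uint8_t *)benign, strlen(benign)));
    printf("checked helper, benign payload: %lld\n", int_payload_value(benign));
    printf("checked helper, 13-byte payload rejected: %s\n",
           int_payload_value(oversized) == LLONG_MIN ? "yes" : "no");
    return 0;
}
```

Build once with `-DNDEBUG` and once without to see the assert() disappear from the vulnerable helper; it is deliberately never called here with an oversized payload, because that call is the overflow. The practitioner's point is that assert() is a debugging aid, not a security control: any length that arrives from the network needs an `if` that is still present in the release image, and the safe variant necessarily changes the API (a bool result instead of a bare value) so callers can tell a rejected payload from a parsed zero.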
Weakness Enumeration
Stack Overflow (stack-based buffer overflow via memcpy() into a fixed-size stack buffer)
Affected Products
Golioth Firmware Sdk