PT-2026-22169 · Unknown · Golioth Pouch
Secmate · Published 2026-02-26 · Updated 2026-03-03 · CVE-2026-23750
CVSS v3.1: 8.1 High
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Golioth Pouch versions prior to commit 1b2219a1

Description: The software contains a heap-based buffer overflow in BLE GATT server certificate handling. The server_cert_write() function allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when it receives the first fragment, then appends each subsequent fragment with memcpy() without checking that enough capacity remains. A nearby BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, leading to a heap overflow, a potential crash and possible memory corruption.

Recommendations: Update to version 0.1.0 with commit 1b2219a1 or later.
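As an added illustration, constructed for this entry and not Golioth Pouch's own code, the capacity check the description says is missing from the fragment-append path; CERT_MAX_LEN stands in for CONFIG_POUCH_SERVER_CERT_MAX_LEN, and the struct and function names are hypothetical:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for CONFIG_POUCH_SERVER_CERT_MAX_LEN (hypothetical value). */
#define CERT_MAX_LEN 64

struct cert_buf {
    uint8_t *data;   /* heap buffer of CERT_MAX_LEN bytes, allocated on the first fragment */
    size_t len;      /* bytes written so far; invariant: len <= CERT_MAX_LEN */
};

/* Appends one fragment. Returns 0 on success, -1 on allocation failure or
 * when the fragment would not fit in the remaining capacity. */
int cert_append_fragment(struct cert_buf *cb, const uint8_t *frag, size_t frag_len, bool first)
{
    if (first) {
        free(cb->data);
        cb->data = malloc(CERT_MAX_LEN);
        if (!cb->data) return -1;
        cb->len = 0;
    }
    if (!cb->data) return -1;
    /* This is the check the vulnerable version lacked: the remaining capacity is
     * computed by subtraction (no addition that could wrap) and the write is
     * rejected instead of running past the heap allocation. */
    if (frag_len > CERT_MAX_LEN - cb->len) {
        return -1;
    }
    memcpy(cb->data + cb->len, frag, frag_len);
    cb->len += frag_len;
    return 0;
}

/* Simulates a client sending fragments of the given sizes in order.
 * Returns how many fragments were accepted and reports the final length. */
size_t simulate_fragments(const size_t *sizes, size_t n, size_t *final_len)
{
    struct cert_buf cb = { NULL, 0 };
    uint8_t frag[256] = {0};  /* constructed dummy fragment payload */
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++) {
        if (cert_append_fragment(&cb, frag, sizes[i], i == 0) != 0) break;
        accepted++;
    }
    *final_len = cb.len;
    free(cb.data);
    return accepted;
}
```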

Weakness Enumeration: Heap Based Buffer Overflow

Related Identifiers: CVE-2026-23750

Affected Products: Golioth Pouch