CVE-2026-23747

LOW 3.7

Golioth Firmware SDK < 0.22.0 Payload Utils Stack-based Buffer Overflow

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes (int) or 32 bytes (float) can overflow the stack, resulting in a crash/denial of service. This is reachable via LightDB State on_payload with a malicious server or MITM.

CWE	CWE-121
Vendor	golioth
Product	firmware sdk
Published	Feb 26, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for golioth firmware sdk

Be the first to know when new low vulnerabilities affecting golioth firmware sdk are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected Versions

Golioth / Firmware SDK

0.10.0 < 0.22.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

secmate.dev: https://secmate.dev/disclosures/SECMATE-2025-0015 blog.secmate.dev: https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/ github.com: https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0 github.com: https://github.com/golioth/golioth-firmware-sdk/commit/48f521bcc0187ada2b9cbdad31dc380e6c7b7332 vulncheck.com: https://www.vulncheck.com/advisories/golioth-firmware-sdk-payload-utils-stack-based-buffer-overflow

Credits

SecMate (https://secmate.dev)