CVE-2026-23748

LOW 3.7

Golioth Firmware SDK < 0.22.0 LightDB State Out-of-Bounds Read

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payload_size value less than 2 can cause a size_t underflow when computing the number of bytes to copy (nbytes). The subsequent memcpy() reads past the end of the network buffer, which can crash the device. The condition is reachable from on_payload, and golioth_payload_is_null() does not block payload_size==1. A malicious server or MITM can trigger a denial of service.

CWE	CWE-191
Vendor	golioth
Product	firmware sdk
Published	Feb 26, 2026
Last Updated	Mar 23, 2026

Stay Ahead of the Next One

Get instant alerts for golioth firmware sdk

Be the first to know when new low vulnerabilities affecting golioth firmware sdk are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected Versions

Golioth / Firmware SDK

0.10.0 < 0.22.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

secmate.dev: https://secmate.dev/disclosures/SECMATE-2025-0016 blog.secmate.dev: https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/ github.com: https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0 github.com: https://github.com/golioth/golioth-firmware-sdk/commit/d7f55b380d8be8b29bd101ce06e421af2e88c12b vulncheck.com: https://www.vulncheck.com/advisories/golioth-firmware-sdk-lightdb-state-out-of-bounds-read

Credits

SecMate (https://secmate.dev)