CVE-2026-23750
Golioth Pouch < [INSERT FIXED VERSION] BLE GATT Heap-based Buffer Overflow
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.
| CWE | CWE-122 |
| Vendor | golioth |
| Product | pouch |
| Published | Feb 26, 2026 |
| Last Updated | Mar 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for golioth pouch
Be the first to know when new high vulnerabilities affecting golioth pouch are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Affected Versions
Golioth / Pouch
0.1.0
References
secmate.dev: https://secmate.dev/disclosures/SECMATE-2025-0018 blog.secmate.dev: https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/ github.com: https://github.com/golioth/pouch/commit/1b2219a1 vulncheck.com: https://www.vulncheck.com/advisories/golioth-pouch-ble-gatt-heap-based-buffer-overflow
Credits
SecMate (https://secmate.dev)