Description
Golioth Firmware SDK versions from 0.19.1 up to but not including 0.22.0 (fixed in commit 0e788217) contain an out-of-bounds read caused by improper NUL termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it with strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash (denial of service). The input is application-controlled, not network-controlled by default.
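The copy-and-length pattern behind this bug, and the bounded version that avoids it, as an added example that is not code from the Golioth SDK: the struct name, the path buffer size (a constructed stand-in for CONFIG_GOLIOTH_COAP_MAX_PATH_LEN) and the function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for CONFIG_GOLIOTH_COAP_MAX_PATH_LEN; the real value and the
   real struct layout in the SDK are not known from the advisory. */
#define MAX_PATH_LEN 8

struct transfer_ctx {
    char path[MAX_PATH_LEN];
};

/* Scan at most `max` bytes for a terminator (a portable strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Vulnerable pattern: strncpy() with n == sizeof(path) writes no terminator when the
   input is exactly MAX_PATH_LEN bytes long. Returns true only if a NUL is present. */
bool init_path_unterminated(struct transfer_ctx *ctx, const char *path)
{
    strncpy(ctx->path, path, MAX_PATH_LEN);
    return memchr(ctx->path, '\0', MAX_PATH_LEN) != NULL;
}

/* Hardened pattern: reject any path that cannot fit together with its NUL, then
   copy it and terminate explicitly. Returns 0 on success, -1 if rejected. */
int init_path_checked(struct transfer_ctx *ctx, const char *path)
{
    size_t len = bounded_len(path, MAX_PATH_LEN); /* never scans past the limit */
    if (len >= MAX_PATH_LEN)
        return -1; /* no room left for the terminator */
    memcpy(ctx->path, path, len);
    ctx->path[len] = '\0';
    return 0;
}

/* A later length lookup should bound its scan too: strlen() on an unterminated
   buffer reads past the end, a bounded scan stops at the buffer size. */
size_t path_length_bounded(const struct transfer_ctx *ctx)
{
    return bounded_len(ctx->path, MAX_PATH_LEN);
}
```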
INFO
Published Date: 2026-02-26T17:32:30.795Z
Last Modified: 2026-03-23T15:44:14.063Z
Source: VulnCheck
AFFECTED PRODUCTS
The following products are affected by the CVE-2026-23749 vulnerability.
| Vendors | Products |
|---|---|
| Golioth | Golioth Firmware SDK |