QwikSec

Security Database

CVE

CWE

Training

CVE-2026-23748

Published: Feb 26, 2026

Modified: May 26, 2026

PUBLISHED

CVSS v3.1

3.7

LOW

Description

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payload_size value less than 2 can cause a size_t underflow when computing the number of bytes to copy (nbytes). The subsequent memcpy() reads past the end of the network buffer, which can crash the device. The condition is reachable from on_payload, and golioth_payload_is_null() does not block payload_size==1. A malicious server or MITM can trigger a denial of service.

Vendor	Product	Versions
Golioth	Firmware SDK	affected `0.10.0 - < 0.22.0` unaffected `d7f55b380d8be8b29bd101ce06e421af2e88c12b`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://secmate.dev/disclosures/SECMATE-2025-0016

technical-description

https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/

technical-description

exploit

https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0

release-notes

https://github.com/golioth/golioth-firmware-sdk/commit/d7f55b380d8be8b29bd101ce06e421af2e88c12b

patch

https://www.vulncheck.com/advisories/golioth-firmware-sdk-lightdb-state-out-of-bounds-read

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.