CVE-2026-23748

low-risk

Published 2026-02-26

Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payload_size value less than 2 can cause a size_t underflow when computing the number of bytes to copy (nbytes). The subsequent memcpy() reads past the end of the network buffer, which can crash the device. The condition is reachable from on_payload, and golioth_payload_is_null() does not block payload_size==1. A malicious server or MITM can trigger a denial of service.

Do I need to act?

-

0.05% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

3

CVSS 3.7/10 Low

NETWORK / HIGH complexity

References (5)

https://blog.secmate.dev/posts/golioth-vulnerabilities-disclosure/

https://github.com/golioth/golioth-firmware-sdk/commit/d7f55b380d8be8b29bd101ce0...

https://github.com/golioth/golioth-firmware-sdk/releases/tag/v0.22.0

https://secmate.dev/disclosures/SECMATE-2025-0016

https://www.vulncheck.com/advisories/golioth-firmware-sdk-lightdb-state-out-of-b...

18

/ 100

low-risk

Severity 13/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal