Golioth Firmware SDK < 0.22.0 Blockwise Transfer Path Out-of-Bounds Read

Advisories

severity: low
date: 2/26/2026
Affecting: Firmware SDK 0.19.1 < 0.22.0, fixed in commit 0e788217
CVE: CVE-2026-23749
CWE: CWE-170: Improper Null Termination
CVSS: 2.1
CVSS V4 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
References: SecMate Disclosure
SecMate Blog
Golioth Firmware SDK v0.22.0 Release Notes
Golioth Firmware SDK GitHub Patch Commit
Credit: SecMate (https://secmate.dev)
Description: Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default).

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo