CVE-2026-23749

Source
https://cve.org/CVERecord?id=CVE-2026-23749
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23749.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23749
Published
2026-02-26T18:23:06.763Z
Modified
2026-03-01T02:23:16.694647Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

Golioth Firmware SDK versions from 0.19.1 prior to 0.22.0 (fixed in commit 0e788217) contain an out-of-bounds read caused by improper NUL termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it with strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The path is application-controlled (not network-controlled by default).
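
The strncpy() truncation pattern described above, shown beside a hardened form, as an added example that is not code from the Golioth SDK or from the fixing commit. The struct, buffer size and function names (xfer_ctx, MAX_PATH_LEN, init_vuln, init_fixed) are stand-ins chosen for illustration; the SDK's real CONFIG_GOLIOTH_COAP_MAX_PATH_LEN value is not stated on this page. The example deliberately does not call strlen() on the unterminated buffer, since that read past the buffer is the undefined behaviour the advisory describes; it uses a bounded memchr() to observe whether a terminator exists.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for CONFIG_GOLIOTH_COAP_MAX_PATH_LEN (real value not on this page). */
#define MAX_PATH_LEN 16

struct xfer_ctx {
    char path[MAX_PATH_LEN];  /* stand-in for ctx->path */
    char next_field;          /* whatever follows path in memory; an unbounded strlen()
                                 on an unterminated path would run into it */
};

/* Vulnerable pattern: strncpy() with the full buffer size copies exactly
 * MAX_PATH_LEN bytes when strlen(path) >= MAX_PATH_LEN and writes no NUL. */
static void init_vuln(struct xfer_ctx *ctx, const char *path)
{
    memset(ctx, 0x41, sizeof(*ctx));  /* constructed poison: makes a missing NUL visible */
    strncpy(ctx->path, path, sizeof(ctx->path));
}

/* Hardened form: measure the input with a bounded scan, reject anything that
 * would not fit together with its terminator, then copy including the NUL. */
static bool init_fixed(struct xfer_ctx *ctx, const char *path)
{
    memset(ctx, 0x41, sizeof(*ctx));  /* same poison, so success is not an accident */
    const char *nul = memchr(path, '\0', sizeof(ctx->path));
    if (nul == NULL) {
        return false;  /* path has MAX_PATH_LEN or more characters; no room for the NUL */
    }
    size_t len = (size_t)(nul - path);
    memcpy(ctx->path, path, len + 1);  /* len + 1 copies the terminator too */
    return true;
}

/* Safe observation used instead of strlen(): is there a NUL within the buffer bounds? */
static bool path_is_terminated(const struct xfer_ctx *ctx)
{
    return memchr(ctx->path, '\0', sizeof(ctx->path)) != NULL;
}

/* True when the vulnerable init leaves ctx->path without any terminator. */
static bool vuln_leaves_unterminated(const char *path)
{
    struct xfer_ctx ctx;
    init_vuln(&ctx, path);
    return !path_is_terminated(&ctx);
}

/* True when the hardened init accepts the path and stores it intact and terminated. */
static bool fixed_accepts(const char *path)
{
    struct xfer_ctx ctx;
    if (!init_fixed(&ctx, path)) {
        return false;
    }
    return path_is_terminated(&ctx) && strcmp(ctx.path, path) == 0;
}

int main(void)
{
    /* Constructed inputs: 15 characters fits, 16 characters equals MAX_PATH_LEN. */
    const char *fits    = "123456789012345";
    const char *boundary = "1234567890123456";

    printf("vulnerable, 16-char path unterminated: %s\n",
           vuln_leaves_unterminated(boundary) ? "yes" : "no");
    printf("vulnerable, 15-char path unterminated: %s\n",
           vuln_leaves_unterminated(fits) ? "yes" : "no");
    printf("hardened accepts 15-char path: %s\n", fixed_accepts(fits) ? "yes" : "no");
    printf("hardened rejects 16-char path: %s\n", fixed_accepts(boundary) ? "no" : "yes");
    return 0;
}
```

The boundary case is a path of exactly MAX_PATH_LEN characters: strncpy() fills every byte of the destination and never writes a NUL, so the first consumer that calls strlen() scans into adjacent memory. Rejecting lengths of MAX_PATH_LEN or more (rather than MAX_PATH_LEN + 1 or more) is the off-by-one that matters here, because the terminator needs its own byte.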

References

Affected packages

Git / github.com/golioth/golioth-firmware-sdk

Affected ranges

Type
GIT
Repo
https://github.com/golioth/golioth-firmware-sdk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*
v0.1.0
v0.10.0
v0.11.0
v0.11.1
v0.12.0
v0.12.1
v0.12.2
v0.13.0
v0.13.1
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.18.1
v0.19.0
v0.19.1
v0.20.0
v0.21.0
v0.21.1
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23749.json"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "56502345576676756675422024377567781483",
                "205479671246672318692771008585564255481",
                "252508625059605475129627471649153268843",
                "185808600035126455037782035841831069175"
            ]
        },
        "source": "https://github.com/golioth/golioth-firmware-sdk/commit/0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d",
        "signature_type": "Line",
        "id": "CVE-2026-23749-b02f7d91",
        "target": {
            "file": "src/coap_blockwise.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "63305777133134424483942790192886599276",
            "length": 389.0
        },
        "source": "https://github.com/golioth/golioth-firmware-sdk/commit/0e788217ab4b61a7c1d9fadd1b4a40f5f538a26d",
        "signature_type": "Function",
        "id": "CVE-2026-23749-bd8149f7",
        "target": {
            "file": "src/coap_blockwise.c",
            "function": "blockwise_transfer_init"
        }
    }
]