CVE-2026-23750

Source
https://cve.org/CVERecord?id=CVE-2026-23750
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23750.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23750
Published
2026-02-26T18:23:06.980Z
Modified
2026-03-01T02:23:24.118982Z
Severity
  • 7.2 (High) CVSS_V4 - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.

References

Affected packages

Git / github.com/golioth/pouch

Affected ranges

Type
GIT
Repo
https://github.com/golioth/pouch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*
v0.1.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23750.json"