CVE-2026-23748
Out-of-Bounds Read in Golioth SDK Causes Device Crash
Publication date: 2026-02-26
Last updated on: 2026-02-27
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| golioth | golioth_firmware_sdk | From 0.10.0 (inc) to 0.22.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can cause a denial of service by crashing the device due to an out-of-bounds read triggered during string payload processing. An attacker, such as a malicious server or a man-in-the-middle, can exploit this flaw to disrupt the normal operation of devices running affected versions of the Golioth Firmware SDK.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
Can you explain this vulnerability to me?
CVE-2026-23748 is a medium-severity vulnerability in Golioth Firmware SDK versions 0.10.0 up to but not including 0.22.0. It involves an out-of-bounds read in the LightDB State string parsing component. When processing a string payload, if the payload_size is less than 2, an integer underflow occurs during the calculation of the number of bytes to copy. This causes the memcpy() function to read beyond the end of the network buffer, which can crash the device.
The vulnerability is reachable via the on_payload function, and the function golioth_payload_is_null() does not block payload_size values equal to 1. This flaw can be exploited by a malicious server or a man-in-the-middle (MITM) attacker to trigger a denial of service.
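The arithmetic behind the underflow, and the length check the fix adds, as an added illustration that is not the Golioth SDK's code: the 2-byte framing overhead, the one-byte delimiter on each side of the string body, and the function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical framing: the string body is assumed to sit between one leading
 * and one trailing delimiter byte, so 2 bytes are subtracted from payload_size
 * to get the copy length. This is an assumption, not the SDK's actual format. */
#define STRING_OVERHEAD 2u

/* The copy length the vulnerable arithmetic would compute. Because size_t is
 * unsigned, payload_size values of 0 or 1 wrap to a huge value (CWE-191), and a
 * memcpy() driven by that length would read far past the network buffer. */
size_t vulnerable_copy_len(size_t payload_size)
{
    return payload_size - STRING_OVERHEAD; /* wraps when payload_size < 2 */
}

/* Hardened parser: rejects payloads shorter than the framing overhead before
 * any subtraction takes place, covering the payload_size == 1 case that a
 * null check alone does not catch. Copies the body into out (NUL-terminated)
 * and returns its length, or -1 when the payload is rejected. */
int parse_string_payload(const uint8_t *payload, size_t payload_size,
                         char *out, size_t out_size)
{
    if (payload == NULL || out == NULL)
        return -1;
    if (payload_size < STRING_OVERHEAD)   /* minimum-length check from the fix */
        return -1;
    size_t body_len = payload_size - STRING_OVERHEAD; /* cannot wrap now */
    if (body_len >= out_size)             /* leave room for the terminator */
        return -1;
    memcpy(out, payload + 1, body_len);   /* skip the assumed leading delimiter */
    out[body_len] = '\0';
    return (int)body_len;
}
```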
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an out-of-bounds read triggered by processing a LightDB State string payload with a payload_size less than 2, causing a device crash. Detection would involve monitoring for crashes or denial of service symptoms related to LightDB State string parsing in affected Golioth Firmware SDK versions.
Since the issue is triggered by malformed or malicious string payloads, network detection could focus on identifying suspicious payloads with unusually small sizes (payload_size < 2) sent to devices running vulnerable SDK versions.
However, no specific detection commands or signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade the Golioth Firmware SDK to version 0.22.0 or later, where the vulnerability is fixed by ensuring that string payloads are validated to be at least 2 bytes long before processing.
This fix prevents the integer underflow and subsequent out-of-bounds read that could crash the device.
Until an upgrade is possible, consider monitoring and filtering network traffic to block or scrutinize payloads with a size less than 2 bytes targeting the LightDB State component to reduce the risk of exploitation.