CVE-2026-23747: CWE-121 Stack-based Buffer Overflow in Golioth Firmware SDK
Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes (int) or 32 bytes (float) can overflow the stack, resulting in a crash/denial of service. This is reachable via LightDB State on_payload with a malicious server or MITM.
AI Analysis
Technical Summary
Golioth Firmware SDK versions 0.10.0 up to but not including 0.22.0 contain a stack-based buffer overflow in the Payload Utils component. The functions golioth_payload_as_int() and golioth_payload_as_float() use memcpy() to copy payload data into fixed-size stack buffers, relying on assert() for length checks. Since asserts are removed in release builds, no effective bounds checking occurs, allowing payloads larger than the buffer sizes (12 bytes for int, 32 bytes for float) to overflow the stack. This vulnerability can be triggered remotely via LightDB State on_payload messages from a malicious or compromised server or via MITM attacks. The issue was fixed in commit 48f521b, included in version 0.22.0 and later.
Potential Impact
Exploitation of this vulnerability can cause a stack-based buffer overflow leading to application crashes or denial of service on devices running affected versions of the Golioth Firmware SDK. There is no indication of code execution or privilege escalation in the provided data. The attack vector is remote network-based with no privileges or user interaction required, but requires the ability to send malicious payloads via LightDB State on_payload. No known exploits in the wild have been reported.
Mitigation Recommendations
A fix for this vulnerability is available and was introduced in commit 48f521b. Users should upgrade to Golioth Firmware SDK version 0.22.0 or later to remediate this issue. Until upgrading, avoid processing untrusted payloads via LightDB State on_payload or implement additional input validation to ensure payload sizes do not exceed safe limits. Patch status is confirmed by the vendor commit; no cloud service remediation applies as this is an SDK vulnerability.
CVE-2026-23747: CWE-121 Stack-based Buffer Overflow in Golioth Firmware SDK
Description
Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit 48f521b, contain a stack-based buffer overflow in Payload Utils. The golioth_payload_as_int() and golioth_payload_as_float() helpers copy network-supplied payload data into fixed-size stack buffers using memcpy() with a length derived from payload_size. The only length checks are guarded by assert(); in release builds, the asserts are compiled out and memcpy() may copy an unbounded payload_size. Payloads larger than 12 bytes (int) or 32 bytes (float) can overflow the stack, resulting in a crash/denial of service. This is reachable via LightDB State on_payload with a malicious server or MITM.
CVSS v4.0
Score 6.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Golioth Firmware SDK versions 0.10.0 up to but not including 0.22.0 contain a stack-based buffer overflow in the Payload Utils component. The functions golioth_payload_as_int() and golioth_payload_as_float() use memcpy() to copy payload data into fixed-size stack buffers, relying on assert() for length checks. Since asserts are removed in release builds, no effective bounds checking occurs, allowing payloads larger than the buffer sizes (12 bytes for int, 32 bytes for float) to overflow the stack. This vulnerability can be triggered remotely via LightDB State on_payload messages from a malicious or compromised server or via MITM attacks. The issue was fixed in commit 48f521b, included in version 0.22.0 and later.
Potential Impact
Exploitation of this vulnerability can cause a stack-based buffer overflow leading to application crashes or denial of service on devices running affected versions of the Golioth Firmware SDK. There is no indication of code execution or privilege escalation in the provided data. The attack vector is remote network-based with no privileges or user interaction required, but requires the ability to send malicious payloads via LightDB State on_payload. No known exploits in the wild have been reported.
Mitigation Recommendations
A fix for this vulnerability is available and was introduced in commit 48f521b. Users should upgrade to Golioth Firmware SDK version 0.22.0 or later to remediate this issue. Until upgrading, avoid processing untrusted payloads via LightDB State on_payload or implement additional input validation to ensure payload sizes do not exceed safe limits. Patch status is confirmed by the vendor commit; no cloud service remediation applies as this is an SDK vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-15T18:42:20.937Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69a0a1c885912abc71d0baa9
Added to database: 2/26/2026, 7:40:56 PM
Last enriched: 5/26/2026, 8:20:37 PM
Last updated: 5/29/2026, 7:58:39 PM
Views: 148
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.