CVE-2026-23749: CWE-170: Improper Null Termination in Golioth Firmware SDK
Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default).
AI Analysis
Technical Summary
The vulnerability in Golioth Firmware SDK (<=0.19.1) involves an out-of-bounds read caused by improper null termination of a buffer used in blockwise_transfer_init(). Specifically, when a path of length equal to CONFIG_GOLIOTH_COAP_MAX_PATH_LEN is copied using strncpy(), the destination buffer ctx->path may not be null-terminated. Subsequent use of strlen() on this buffer in golioth_coap_client_get_internal() reads beyond the buffer boundary, leading to a crash or denial of service. The flaw is fixed in version 0.22.0 by ensuring proper null termination.
Potential Impact
The vulnerability can cause a denial of service via application crash due to out-of-bounds memory read. There is no indication of code execution or information disclosure. The attack vector is local/application-controlled input, not network-based by default. The CVSS 4.0 base score is 2.1, reflecting low severity.
Mitigation Recommendations
A fix is available in Golioth Firmware SDK version 0.22.0 and later, which properly null-terminates the buffer to prevent out-of-bounds reads. Users should upgrade to version 0.22.0 or later to remediate this issue. No additional mitigations are specified or required.
CVE-2026-23749: CWE-170: Improper Null Termination in Golioth Firmware SDK
Description
Golioth Firmware SDK version 0.19.1 prior to 0.22.0, fixed in commit 0e788217, contain an out-of-bounds read due to improper null termination of a blockwise transfer path. blockwise_transfer_init() accepts a path whose length equals CONFIG_GOLIOTH_COAP_MAX_PATH_LEN and copies it using strncpy() without guaranteeing a trailing NUL byte, leaving ctx->path unterminated. A later strlen() on this buffer (in golioth_coap_client_get_internal()) can read past the end of the allocation, resulting in a crash/denial of service. The input is application-controlled (not network by default).
CVSS v4.0
Score 2.1low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Golioth Firmware SDK (<=0.19.1) involves an out-of-bounds read caused by improper null termination of a buffer used in blockwise_transfer_init(). Specifically, when a path of length equal to CONFIG_GOLIOTH_COAP_MAX_PATH_LEN is copied using strncpy(), the destination buffer ctx->path may not be null-terminated. Subsequent use of strlen() on this buffer in golioth_coap_client_get_internal() reads beyond the buffer boundary, leading to a crash or denial of service. The flaw is fixed in version 0.22.0 by ensuring proper null termination.
Potential Impact
The vulnerability can cause a denial of service via application crash due to out-of-bounds memory read. There is no indication of code execution or information disclosure. The attack vector is local/application-controlled input, not network-based by default. The CVSS 4.0 base score is 2.1, reflecting low severity.
Mitigation Recommendations
A fix is available in Golioth Firmware SDK version 0.22.0 and later, which properly null-terminates the buffer to prevent out-of-bounds reads. Users should upgrade to version 0.22.0 or later to remediate this issue. No additional mitigations are specified or required.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-15T18:42:20.938Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69a0a1ca85912abc71d0bb4e
Added to database: 2/26/2026, 7:40:58 PM
Last enriched: 5/26/2026, 8:20:55 PM
Last updated: 5/29/2026, 12:27:53 PM
Views: 155
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.