CVE-2026-23750: CWE-122 Heap-based Buffer Overflow in Golioth Pouch
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.
AI Analysis
Technical Summary
Golioth Pouch version 0.1.0 contains a heap-based buffer overflow in the BLE GATT server certificate handling code. Specifically, server_cert_write() allocates a heap buffer sized by CONFIG_POUCH_SERVER_CERT_MAX_LEN upon receiving the first certificate fragment. Subsequent fragments are appended using memcpy() without bounds checking, enabling an adjacent BLE client to send unauthenticated fragments whose combined size exceeds the allocated buffer. This leads to a heap overflow, causing application crashes and possible memory corruption affecting integrity. The vulnerability is tracked as CWE-122 and has a CVSS 4.0 score of 7.2 (Attack Vector: Adjacent, Low Attack Complexity, No Privileges Required, No User Interaction, High Integrity and Availability impact).
Potential Impact
An attacker in adjacent BLE range can send unauthenticated fragmented certificate data to the vulnerable Golioth Pouch BLE GATT server, causing a heap overflow. This can crash the application and potentially corrupt memory, impacting the integrity of the system. There is no indication of confidentiality or availability impact beyond the crash. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users should monitor Golioth's advisories for updates. Until a fix is available, restricting BLE client access or disabling the vulnerable BLE GATT server certificate handling feature may reduce exposure.
CVE-2026-23750: CWE-122 Heap-based Buffer Overflow in Golioth Pouch
Description
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.
CVSS v4.0
Score 7.2high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Golioth Pouch version 0.1.0 contains a heap-based buffer overflow in the BLE GATT server certificate handling code. Specifically, server_cert_write() allocates a heap buffer sized by CONFIG_POUCH_SERVER_CERT_MAX_LEN upon receiving the first certificate fragment. Subsequent fragments are appended using memcpy() without bounds checking, enabling an adjacent BLE client to send unauthenticated fragments whose combined size exceeds the allocated buffer. This leads to a heap overflow, causing application crashes and possible memory corruption affecting integrity. The vulnerability is tracked as CWE-122 and has a CVSS 4.0 score of 7.2 (Attack Vector: Adjacent, Low Attack Complexity, No Privileges Required, No User Interaction, High Integrity and Availability impact).
Potential Impact
An attacker in adjacent BLE range can send unauthenticated fragmented certificate data to the vulnerable Golioth Pouch BLE GATT server, causing a heap overflow. This can crash the application and potentially corrupt memory, impacting the integrity of the system. There is no indication of confidentiality or availability impact beyond the crash. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users should monitor Golioth's advisories for updates. Until a fix is available, restricting BLE client access or disabling the vulnerable BLE GATT server certificate handling feature may reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-15T18:42:20.938Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69a0a1ca85912abc71d0bb54
Added to database: 2/26/2026, 7:40:58 PM
Last enriched: 5/26/2026, 8:21:01 PM
Last updated: 5/29/2026, 5:17:55 PM
Views: 94
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.