Golioth Pouch CVE-2026-23750
Severity: HIGH
CVSS Vector (NVD): CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Description (NVD)
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.
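The defect pattern the description names, shown as an added example that is not Golioth Pouch's own code: a reconstructed fragment-reassembly routine with the capacity check that the description says is missing put in place before the memcpy(). The struct name cert_assembly, the function server_cert_write_checked(), the helper assemble(), and the stand-in value 64 for CONFIG_POUCH_SERVER_CERT_MAX_LEN are assumptions for illustration, not the project's identifiers or configured limit.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the Kconfig value; the real limit is set by the project build. */
#define CONFIG_POUCH_SERVER_CERT_MAX_LEN 64

/* Hypothetical reassembly state: one heap buffer allocated on the first
 * fragment, plus how much of it has been filled so far. */
struct cert_assembly {
    uint8_t *buf;
    size_t cap;
    size_t len;
};

static void cert_assembly_reset(struct cert_assembly *a)
{
    free(a->buf);
    a->buf = NULL;
    a->cap = 0;
    a->len = 0;
}

/* Bounds-checked fragment writer (hypothetical name). first != 0 marks the
 * fragment that starts a new certificate. Returns 0 on success, -1 when the
 * fragment is rejected; on rejection the partial assembly is discarded so a
 * later continuation fragment cannot resume it. */
int server_cert_write_checked(struct cert_assembly *a, const uint8_t *frag,
                              size_t frag_len, int first)
{
    if (first) {
        cert_assembly_reset(a);
        a->buf = malloc(CONFIG_POUCH_SERVER_CERT_MAX_LEN);
        if (a->buf == NULL)
            return -1;
        a->cap = CONFIG_POUCH_SERVER_CERT_MAX_LEN;
    }
    if (a->buf == NULL)
        return -1; /* continuation fragment with no start fragment */

    /* The check the description reports as missing before the memcpy(). It is
     * written against the remaining space so that len + frag_len can never
     * wrap around size_t. A fragment that fills the buffer exactly is allowed. */
    if (frag_len > a->cap - a->len) {
        cert_assembly_reset(a);
        return -1;
    }
    memcpy(a->buf + a->len, frag, frag_len);
    a->len += frag_len;
    return 0;
}

/* Drive the writer with a constructed fragment sequence given as lengths
 * (payload bytes are a fixed filler). Returns the assembled length, or -1
 * if any fragment was rejected. */
long assemble(const size_t *frag_lens, size_t n)
{
    struct cert_assembly a = { NULL, 0, 0 };
    uint8_t payload[256];
    memset(payload, 0xAB, sizeof payload); /* constructed filler bytes */

    for (size_t i = 0; i < n; i++) {
        size_t l = frag_lens[i] < sizeof payload ? frag_lens[i] : sizeof payload;
        if (server_cert_write_checked(&a, payload, l, i == 0) != 0) {
            cert_assembly_reset(&a);
            return -1;
        }
    }
    long total = (long)a.len;
    cert_assembly_reset(&a);
    return total;
}

int main(void)
{
    const size_t fits[] = { 20, 20, 24 }; /* 64 bytes: exactly full, accepted */
    const size_t over[] = { 20, 20, 25 }; /* 65 bytes: last fragment rejected */
    printf("exact fit -> %ld\n", assemble(fits, 3));
    printf("one byte over -> %ld\n", assemble(over, 3));
    return 0;
}
```

Two design points matter when reviewing a fix of this shape: the comparison is against remaining capacity (cap - len) rather than len + frag_len, so an attacker-controlled length cannot wrap the sum; and a rejected fragment tears the whole assembly down, so the device does not sit holding a half-filled buffer that a later fragment could continue appending to.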
Analysis (AI-generated)
Golioth Pouch versions prior to commit 1b2219a1 suffer from a heap buffer overflow in BLE GATT server certificate handling that fails to validate fragment sizes during assembly, allowing unauthenticated adjacent attackers to trigger memory corruption and denial of service. An attacker can send maliciously sized certificate fragments that exceed the allocated buffer capacity, causing heap overflow conditions that crash the application and potentially corrupt adjacent memory structures. …
Remediation (AI-generated)
Within 24 hours: Inventory all systems and applications using Golioth Pouch 0.1.0 and isolate affected devices from production networks if feasible.
Within 7 days: Evaluate upgrade paths to post-commit 1b2219a1 versions or alternative BLE certificate libraries; disable BLE GATT server functionality if operationally possible. …