CVE-2026-23750
HIGHCVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2Description
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent fragments using memcpy() without verifying that sufficient capacity remains. An adjacent BLE client can send unauthenticated fragments whose combined size exceeds the allocated buffer, causing a heap overflow and crash; integrity impact is also possible due to memory corruption.
Analysis
Golioth Pouch versions prior to commit 1b2219a1 suffer from a heap buffer overflow in BLE GATT server certificate handling that fails to validate fragment sizes during assembly, allowing unauthenticated adjacent attackers to trigger memory corruption and denial of service. An attacker can send maliciously sized certificate fragments that exceed the allocated buffer capacity, causing heap overflow conditions that crash the application and potentially corrupt adjacent memory structures. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems and applications using Golioth Pouch 0.1.0 and isolate affected devices from production networks if feasible. Within 7 days: Evaluate upgrade paths to post-commit 1b2219a1 versions or alternative BLE certificate libraries; disable BLE GATT server functionality if operationally possible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today