VYPR

Pouch

by Golioth

Source repositories

CVEs (1)

  • CVE-2026-23750HigFeb 26, 2026
    risk 0.53cvss 8.1epss 0.00

    Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the first fragment, then appends subsequent…